user_namespaces.7: Correct user namespace rules for mounting /proc

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
author: Michael Kerrisk <mtk.manpages@gmail.com> 2016-06-26 16:31:44 +0200
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2016-06-26 16:31:44 +0200
commit: 687d3f4aeff901455ab9430f336f23f767322848 (patch)
tree: 50efa1036e99a120fb3e41700fa61e6472f07fbc
parent: 7e52299f66d95021cad783c7fcf7cebb8ece0dfd (diff)
download: man-pages-687d3f4aeff901455ab9430f336f23f767322848.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7
index 0de5137974..6475bafd08 100644
--- a/man7/user_namespaces.7
+++ b/man7/user_namespaces.7
@@ -264,10 +264,18 @@ and mount the following types of filesystems:
 .PP
 Holding
 .B CAP_SYS_ADMIN
-within the user namespace associated with a process's cgroup namespace
+within the PID namespace associated with a process's cgroup namespace
 allows (since Linux 4.6)
 that process to mount cgroup filesystems.
 
+Holding
+.B CAP_SYS_ADMIN
+within the user namespace associated with a process's PID namespace
+allows (since Linux 3.8)
+that process to mount
+.I /proc
+filesystems.
+
 Note however, that mounting block-based filesystems can be done
 only by a process that holds
 .BR CAP_SYS_ADMIN
author	Michael Kerrisk <mtk.manpages@gmail.com>	2016-06-26 16:31:44 +0200
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2016-06-26 16:31:44 +0200
commit	687d3f4aeff901455ab9430f336f23f767322848 (patch)
tree	50efa1036e99a120fb3e41700fa61e6472f07fbc
parent	7e52299f66d95021cad783c7fcf7cebb8ece0dfd (diff)
download	man-pages-687d3f4aeff901455ab9430f336f23f767322848.tar.gz