| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2013-02-25 05:43:19 +0100 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2014-09-13 20:15:59 -0700 |
| commit | fd4eb520d6162461df53e745ce8970c830d7851b (patch) | |
| tree | e20f1956f659697d4a9943b7846176d44ab5f205 /man7/namespaces.7 | |
| parent | aa497420661db6f683618d24e4817dd3d49ae5bc (diff) | |
| download | man-pages-fd4eb520d6162461df53e745ce8970c830d7851b.tar.gz | |
namespaces.7: srcfix: Added FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7/namespaces.7')
| -rw-r--r-- | man7/namespaces.7 | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/man7/namespaces.7 b/man7/namespaces.7 index e005c664d4..158a764598 100644 --- a/man7/namespaces.7 +++ b/man7/namespaces.7 @@ -673,6 +673,18 @@ The writing process must have the .RB ( CAP_SETGID ) capability in the user namespace of the process .IR pid . +.\" FIXME(Eric): +.\" Something isn't quite right in the description here. +.\" Suppose UID 1000 creates a user namespace. At this point, UID 0 in +.\" the parent namespace can write a map of (say) '0 1000 10' to uid_map. +.\" That succeeds. But how is that case covered in the three rules here? +.\" In other words, how does UID 0 in the parent namespace have any +.\" capabilities in the new child namespace? Somewhere on the page, +.\" I think there needs to be a statement about the privileges of +.\" UID 0 when no mapping has yet been defined, right? +.\" Or is it simply the case that UID 0 in the parent namespace +.\" always has all capabilities in the child namespace? +.\" .IP 2. The writing process must be in either the user namespace of the process .I pid |
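Review bot: The FIXME sits between the end of rule 1 (the CAP_SETGID requirement) and `.IP 2.`, yet it questions "the three rules here" as a whole. Placing it ahead of the first rule or after the last one would keep a later editor from reading it as a remark on rule 1 alone. The comment also ends on two alternative questions: whether the page needs a statement about the privileges of UID 0 when no mapping has yet been defined, or whether UID 0 in the parent namespace always has all capabilities in the child namespace. It would help to note which part of the page is expected to change for each answer, so the FIXME can be resolved and removed in one step once Eric replies.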
