user_namespaces.7: CAP_SYS_ADMIN allows mounting cgroup filesystems

See https://bugzilla.kernel.org/show_bug.cgi?id=120671 Reported-by: Michał Zegan <webczat_200@poczta.onet.pl> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
author: Michael Kerrisk <mtk.manpages@gmail.com> 2016-06-26 16:11:30 +0200
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2016-06-26 16:11:30 +0200
commit: 7e52299f66d95021cad783c7fcf7cebb8ece0dfd (patch)
tree: 32bee4f3c839a0a4aaa5593de764abd65bed7d59 /man7/user_namespaces.7
parent: 8a9fb19dbd1a033e3e0552b7bf8a754f9d7c8896 (diff)
download: man-pages-7e52299f66d95021cad783c7fcf7cebb8ece0dfd.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7
index 6ab9b7ede2..0de5137974 100644
--- a/man7/user_namespaces.7
+++ b/man7/user_namespaces.7
@@ -262,6 +262,12 @@ and mount the following types of filesystems:
 .PD
 .RE
 .PP
+Holding
+.B CAP_SYS_ADMIN
+within the user namespace associated with a process's cgroup namespace
+allows (since Linux 4.6)
+that process to mount cgroup filesystems.
+
 Note however, that mounting block-based filesystems can be done
 only by a process that holds
 .BR CAP_SYS_ADMIN
author	Michael Kerrisk <mtk.manpages@gmail.com>	2016-06-26 16:11:30 +0200
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2016-06-26 16:11:30 +0200
commit	7e52299f66d95021cad783c7fcf7cebb8ece0dfd (patch)
tree	32bee4f3c839a0a4aaa5593de764abd65bed7d59 /man7/user_namespaces.7
parent	8a9fb19dbd1a033e3e0552b7bf8a754f9d7c8896 (diff)
download	man-pages-7e52299f66d95021cad783c7fcf7cebb8ece0dfd.tar.gz