user_namespaces.7: Clarify details of CAP_SYS_ADMIN and cgroup v1 mounts

With respect to cgroups version 1, CAP_SYS_ADMIN in the user namespace allows only *named* hierarchies to be mounted (and not hierarchies that have a controller). Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
author: Michael Kerrisk <mtk.manpages@gmail.com> 2016-07-07 14:25:12 +0200
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2016-07-07 14:30:01 +0200
commit: 8c74a1cea4959a2fc0210b6b2bec0a0b531ea06c (patch)
tree: 91e160a0188b43bac34d16043315a0b5a76c7788 /man7/user_namespaces.7
parent: c7e077eaa4badbfc3bd2f6c41a91b8c6ecc22719 (diff)
download: man-pages-8c74a1cea4959a2fc0210b6b2bec0a0b531ea06c.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7
index 8ecbf7f8f6..38f390d130 100644
--- a/man7/user_namespaces.7
+++ b/man7/user_namespaces.7
@@ -266,7 +266,11 @@ Holding
 .B CAP_SYS_ADMIN
 within the user namespace associated with a process's cgroup namespace
 allows (since Linux 4.6)
-that process to mount cgroup filesystems.
+that process to the mount cgroup version 2 filesystem and
+cgroup version 1 named hierarchies
+(i.e., cgroup filesystems mounted with the
+.BR """none,name="""
+option).
 
 Holding
 .B CAP_SYS_ADMIN
author	Michael Kerrisk <mtk.manpages@gmail.com>	2016-07-07 14:25:12 +0200
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2016-07-07 14:30:01 +0200
commit	8c74a1cea4959a2fc0210b6b2bec0a0b531ea06c (patch)
tree	91e160a0188b43bac34d16043315a0b5a76c7788 /man7/user_namespaces.7
parent	c7e077eaa4badbfc3bd2f6c41a91b8c6ecc22719 (diff)
download	man-pages-8c74a1cea4959a2fc0210b6b2bec0a0b531ea06c.tar.gz