capabilities.7: CAP_SYS_CHROOT allows use of setns() to change the mount namespace

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
author: Michael Kerrisk <mtk.manpages@gmail.com> 2019-02-15 10:16:36 +0100
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2019-02-23 22:03:20 +0100
commit: 4312e0cb67183fd64efe6b35fb5d5a2a8494afbc (patch)
tree: 4be3689a14fb943fa9b684f380287aaefe913bab /man7
parent: dd61e8a8f4518c35ddc1a06defcdccf14209ace9 (diff)
download: man-pages-4312e0cb67183fd64efe6b35fb5d5a2a8494afbc.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7
index 5346513660..53ce04e642 100644
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -487,9 +487,16 @@ and
 .BR kexec_load (2).
 .TP
 .B CAP_SYS_CHROOT
+.RS
+.PD 0
+.IP * 2
 Use
-.BR chroot (2).
-.\" FIXME . There is a use case in mntns_install()
+.BR chroot (2);
+.IP *
+change mount namespaces using
+.BR setns (2).
+.PD
+.RE
 .TP
 .B CAP_SYS_MODULE
 .RS
author	Michael Kerrisk <mtk.manpages@gmail.com>	2019-02-15 10:16:36 +0100
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2019-02-23 22:03:20 +0100
commit	4312e0cb67183fd64efe6b35fb5d5a2a8494afbc (patch)
tree	4be3689a14fb943fa9b684f380287aaefe913bab /man7
parent	dd61e8a8f4518c35ddc1a06defcdccf14209ace9 (diff)
download	man-pages-4312e0cb67183fd64efe6b35fb5d5a2a8494afbc.tar.gz