diff options
| -rw-r--r-- | man7/namespaces.7 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/man7/namespaces.7 b/man7/namespaces.7 index 31d7b1fd1d..fbf41f4926 100644 --- a/man7/namespaces.7 +++ b/man7/namespaces.7 @@ -660,6 +660,8 @@ The process must have the .BR CAP_SETUID .RB ( CAP_SETGID ) capability in the parent user namespace. +This prevents an unprivileged process from mapping to arbitrary UIDs (GIDs) +in the parent user namespace. There is an exception to this requirement: a process writing to .I uid_map |