-==================== Changes in man-pages-4.07 ====================

-Released: 2016-07-17, Ulm

-Alec Leamas <leamas.alec@gmail.com>

-Andrey Vagin <avagin@openvz.org>

-Andy Lutomirski <luto@amacapital.net>

-Carsten Grohmann <carstengrohmann@gmx.de>

-Chris Gassib <position0x45@hotmail.com>

-Christoph Hellwig <hch@lst.de>

-Darren Hart <dvhart@infradead.org>

-Darrick J. Wong <darrick.wong@oracle.com>

-Élie Bouttier <elie@bouttier.eu>

-Eric Biggers <ebiggers3@gmail.com>

-Eric W. Biederman <ebiederm@xmission.com>

-Florian Weimer <fweimer@redhat.com>

-Håkon Sandsmark <hsandsma@cisco.com>

-Iustin Pop <iustin@k1024.org>

-Jacob Willoughby <jacob@spacemonkey.com>

-Jakub Wilk <jwilk@jwilk.net>

-James H Cownie <james.h.cownie@intel.com>

-Jann Horn <jann@thejh.net>

-John Wiersba <jrw32982@yahoo.com>

-Jörn Engel <joern@purestorage.com>

-Josh Triplett <josh@kernel.org>

-Kai Mäkisara <kai.makisara@kolumbus.fi>

-Kees Cook <keescook@chromium.org>

-Keno Fischer <keno@juliacomputing.com>

-Li Peng <lip@dtdream.com>

-Marko Kevac <marko@kevac.org>

-Marko Myllynen <myllynen@redhat.com>

-Michael Kerrisk <mtk.manpages@gmail.com>

-Michał Zegan <webczat_200@poczta.onet.pl>

-Miklos Szeredi <mszeredi@redhat.com>

-Mitch Walker <mitch@gearnine.com>

-Neven Sajko <nsajko@gmail.com>

-Nikos Mavrogiannopoulos <nmav@redhat.com>

-Omar Sandoval <osandov@fb.com>

-Ori Avtalion <ori@avtalion.name>

-Rahul Bedarkar <rahulbedarkar89@gmail.com>

-Robin Kuzmin <kuzmin.robin@gmail.com>

-Rob Landley <rob@landley.net>

-Shawn Landden <shawn@churchofgit.com>

-Stefan Puiu <stefan.puiu@gmail.com>

-Stephen Smalley <sds@tycho.nsa.gov>

-Szabolcs Nagy <szabolcs.nagy@arm.com>

-Thomas Gleixner <tglx@linutronix.de>

-Tobias Stoeckmann <tobias@stoeckmann.org>

-Tom Callaway <tcallawa@redhat.com>

-Tom Gundersen <teg@jklm.no>

-Vince Weaver <vincent.weaver@maine.edu>

-W. Trevor King <wking@tremily.us>

-"Yuming Ma(马玉明)" <mayuming@le.com>

-ioctl_fideduperange.2

- Darrick J. Wong [Christoph Hellwig, Michael Kerrisk]

- New page documenting the FIDEDUPERANGE ioctl

- Document the FIDEDUPERANGE ioctl, formerly known as

- BTRFS_IOC_EXTENT_SAME.

-

-ioctl_ficlonerange.2

- Darrick J. Wong [Christoph Hellwig, Michael Kerrisk]

- New page documenting FICLONE and FICLONERANGE ioctls

- Document the FICLONE and FICLONERANGE ioctls, formerly known as

- the BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE ioctls.

-

-nextup.3

- Michael Kerrisk

- New page documenting nextup(), nextdown(), and related functions

-

-mount_namespaces.7

- Michael Kerrisk [Michael Kerrisk]

- New page describing mount namespaces

-

-mount.2

- Michael Kerrisk

- Document flags used to set propagation type

- Document MS_SHARED, MS_PRIVATE, MS_SLAVE, and MS_UNBINDABLE.

- Michael Kerrisk

- Document the MS_REC flag

-

-ptrace.2

- Michael Kerrisk [Kees Cook, Jann Horn, Eric W. Biederman, Stephen Smalley]

- Document ptrace access modes

-

-proc.5

- Michael Kerrisk

- Document /proc/[pid]/timerslack_ns

- Michael Kerrisk

- Document /proc/PID/status 'Ngid' field

- Michael Kerrisk

- Document /proc/PID/status fields: 'NStgid', 'NSpid', 'NSpgid', 'NSsid'

- Michael Kerrisk

- Document /proc/PID/status 'Umask' field

-

-nextdown.3

-nextdownf.3

-nextdownl.3

-nextupf.3

-nextupl.3

- Michael Kerrisk

- New links to nextup(3)

-ldd.1

- Michael Kerrisk

- Add a little more detail on why ldd is unsafe with untrusted executables

- Michael Kerrisk

- Add more detail on the output of ldd

-

-localedef.1

- Marko Myllynen

- Drop --old-style description

- The glibc upstream decided to drop localedef(1) --old-style

- option [1] altogether, I think we can do the same with

- localedef(1), the option hasn't done anything in over 16

- years and I doubt anyone uses it.

-

-add_key.2

- Mitch Walker

- Empty payloads are not allowed in user-defined keys

-

-chroot.2

- Michael Kerrisk

- SEE ALSO: add pivot_root(2)

-

-clone.2

- Michael Kerrisk

- Add reference to mount_namespaces(7) under CLONE_NEWNS description

-

-fork.2

- Michael Kerrisk

- Add ENOMEM error for PID namespace where "init" has died

-

-futex.2

- Michael Kerrisk

- Correct an ENOSYS error description

- Since Linux 4.5, FUTEX_CLOCK_REALTIME is allowed with FUTEX_WAIT.

- Michael Kerrisk [Darren Hart]

- Remove crufty text about FUTEX_WAIT_BITSET interpretation of timeout

- Since Linux 4.5, FUTEX_WAIT also understands

- FUTEX_CLOCK_REALTIME.

- Michael Kerrisk [Thomas Gleixner]

- Explain how to get equivalent of FUTEX_WAIT with an absolute timeout

- Michael Kerrisk

- Describe FUTEX_BITSET_MATCH_ANY

- Describe FUTEX_BITSET_MATCH_ANY and FUTEX_WAIT and FUTEX_WAKE

- equivalences.

- Michael Kerrisk

- Note that at least one bit must be set in mask for BITSET operations

- At least one bit must be set in the 'val3' mask supplied for the

- FUTEX_WAIT_BITSET and FUTEX_WAKE_BITSET operations.

- Michael Kerrisk [Thomas Gleixner, Darren Hart]

- Fix descriptions of various timeouts

- Michael Kerrisk

- Clarify clock default and choices for FUTEX_WAIT

-

-getitimer.2

- Michael Kerrisk

- Substantial rewrites to various parts of the page

- Michael Kerrisk [Tom Callaway]

- Change license to note that page may be modified

- The page as originally written carried text that said the page may

- be freely distributed but made no statement about modification.

- In the 20+ years since it was first written, the page has in fact

- seen repeated, sometimes substantial, modifications, and only a

- small portion of the original text remains. One could I suppose

- rewrite the last few pieces that remain from the original,

- but as the largest contributor to the pages existing text,

- I'm just going to relicense it to explicitly note that

- modification is permitted. (I presume the failure by the

- original author to grant permission to modify was simply an

- oversight; certainly, the large number of people who have

- changed the page have taken that to be the case.)

-

- See also https://bugzilla.kernel.org/show_bug.cgi?id=118311

-

-get_mempolicy.2

- Michael Kerrisk [Jörn Engel]

- Correct rounding to 'maxnodes' (bits, not bytes)

- Michael Kerrisk [Jörn Engel]

- Fix prototype for get_mempolicy()

- In numaif.h, 'addr' is typed as 'void *'

-

-getpriority.2

- Michael Kerrisk

- Make discussion of RLIMIT_NICE more prominent

- The discussion of RLIMIT_NICE was hidden under the EPERM error,

- where it was difficult to find. Place some relevant text in

- DESCRIPTION.

- Michael Kerrisk

- Note that getpriority()/setpriority deal with same attribute as nice(2)

- Michael Kerrisk [Robin Kuzmin]

- Clarify equivalence between lower nice value and higher priority

-

-get_robust_list.2

- Michael Kerrisk

- get_robust_list() is governed by PTRACE_MODE_READ_REALCREDS

-

-ioctl.2

- Michael Kerrisk

- SEE ALSO: add ioctl_fideduperange(2) and ioctl_ficlonerange(2)

-

-kcmp.2

- Michael Kerrisk

- kcmp() is governed by PTRACE_MODE_READ_REALCREDS

- Shawn Landden

- Note about SECURITY_YAMA

-kill.2

- Michael Kerrisk [John Wiersba]

- Clarify the meaning if sig==0

-

-lookup_dcookie.2

- Michael Kerrisk

- SEE ALSO: add oprofile(1)

-

-mmap.2

- Michael Kerrisk [Rahul Bedarkar]

- EXAMPLE: for completeness, add munmap() and close() calls

-

-mount.2

- Michael Kerrisk

- Restructure discussion of 'mountflags' into functional groups

- The existing text makes no differentiation between different

- "classes" of mount flags. However, certain flags such as

- MS_REMOUNT, MS_BIND, MS_MOVE, etc. determine the general

- type of operation that mount() performs. Furthermore, the

- choice of which class of operation to perform is performed in

- a certain order, and that order is significant if multiple

- flags are specified. Restructure and extend the text to

- reflect these details.

- Michael Kerrisk

- Relocate text on multimounting and mount stacking to NOTES

- The text was somewhat out of place in its previous location;

- NOTES is a better location.

- Michael Kerrisk

- Remove version numbers attached to flags that are modifiable on remount

- This information was simply bogus. Mea culpa.

- Michael Kerrisk

- Refer reader to mount_namespaces(7) for details on propagation types

- Michael Kerrisk

- SEE ALSO: s/namespaces(7)/mount_namespaces(7)/

- Omar Sandoval

- MS_BIND still ignores mountflags

- This is clear from the do_mount() function in the kernel as of v4.6.

- Michael Kerrisk

- Note the default treatment of ATIME flags during MS_REMOUNT

- The behavior changed in Linux 3.17.

- Michael Kerrisk

- Clarify that MS_MOVE ignores remaining bits in 'mountflags'

- Michael Kerrisk

- Note kernel version that added MS_MOVE

- Michael Kerrisk

- MS_NOSUID also disables file capabilities

- Michael Kerrisk

- Relocate/demote/rework text on MS_MGC_VAL

- The use of this constant has not been needed for 15 years now.

- Michael Kerrisk

- Clarify that 'source' and 'target' are pathnames, and can refer to files

- Michael Kerrisk

- Update example list of filesystem types

- Put more modern examples in; remove many older examples.

- Michael Kerrisk

- MS_LAZYTIME and MS_RELATIME can be changed on remount

- Michael Kerrisk

- Explicitly note that MS_DIRSYNC setting cannot be changed on remount

- Michael Kerrisk

- Move text describing 'data' argument higher up in page

- In preparation for other reworking.

- Michael Kerrisk

- Since Linux 2.6.26, bind mounts can be made read-only

-

-open.2

- Eric Biggers

- Refer to correct functions in description of O_TMPFILE

-

-pciconfig_read.2

- Michael Kerrisk [Tom Callaway]

- Change license to note that page may be modified

- Niki Rahimi, the author of this page, has agreed that it's okay

- to change the license to note that the page can be modified.

-

- See https://bugzilla.kernel.org/show_bug.cgi?id=118311

-

-perf_event_open.2

- Michael Kerrisk

- If pid > 0, the operation is governed by PTRACE_MODE_READ_REALCREDS

- Jann Horn

- Document new perf_event_paranoid default

- Keno Fischer [Vince Weaver]

- Add a note that dyn_size is omitted if size == 0

- The perf_output_sample_ustack in kernel/events/core.c only writes

- a single 64 bit word if it can't dump the user registers. From the

- current version of the man page, I would have expected two 64 bit

- words (one for size, one for dyn_size). Change the man page to

- make this behavior explicit.

-

-prctl.2

- Michael Kerrisk

- Some wording improvements in timer slack description

- Michael Kerrisk

- Refer reader to discussion of /proc/[pid]/timerslack_ns

- Under discussion of PR_SET_TIMERSLACK, refer the reader to

- the /proc/[pid]/timerslack_ns file, documented in proc(5).

-

-preadv2.2

- Michael Kerrisk

- New link to readv(2)

- This link should have been added in the previous release...

-

-process_vm_readv.2

- Michael Kerrisk

- Rephrase permission rules in terms of a ptrace access mode check

-

-ptrace.2

- Michael Kerrisk [Jann Horn]

- Update Yama ptrace_scope documentation

- Reframe the discussion in terms of PTRACE_MODE_ATTACH checks,

- and make a few other minor tweaks and additions.

- Michael Kerrisk, Jann Horn

- Note that user namespaces can be used to bypass Yama protections

- Michael Kerrisk

- Note that PTRACE_SEIZE is subject to a ptrace access mode check

- Michael Kerrisk

- Rephrase PTRACE_ATTACH permissions in terms of ptrace access mode check

-

-pwritev2.2

- Michael Kerrisk

- New link to readv(2)

- This link should have been added in the previous release...

-

-quotactl.2

- Michael Kerrisk [Jacob Willoughby]

- 'dqb_curspace' is in bytes, not blocks

- This error appears to have been injected into glibc

- when copying some headers from BSD.

-

- See https://bugs.debian.org/825548

-

-recv.2

- Michael Kerrisk [Tom Gundersen]

- With pending 0-length datagram read() and recv() with flags == 0 differ

-

-setfsgid.2

-setfsuid.2

- Jann Horn [Michael Kerrisk]

- Fix note about errors from the syscall wrapper

- See sysdeps/unix/sysv/linux/i386/setfsuid.c in glibc-2.2.1.

- (This code is not present in modern glibc anymore.)

- Michael Kerrisk

- Move glibc wrapper notes to "C library/kernel differences" subsection

-

-sysinfo.2

- Michael Kerrisk

- Rewrite and update various pieces

-

-umask.2

- Michael Kerrisk

- NOTES: Mention /proc/PID/status 'Umask' field

-

-umount.2

- Michael Kerrisk

- SEE ALSO: add mount_namespaces(7)

-

-unshare.2

- Michael Kerrisk

- Add reference to mount_namespaces(7) under CLONE_NEWNS description

-

-utimensat.2

- Michael Kerrisk [Rob Landley]

- Note that the glibc wrapper disallows pathname==NULL

-

-wait.2

- Michael Kerrisk

- Since Linux 4.7, __WALL is implied if child being ptraced

- Michael Kerrisk

- waitid() now (since Linux 4.7) also supports __WNOTHREAD/__WCLONE/__WALL

-

-assert.3

- Nikos Mavrogiannopoulos

- Improved description

- Removed text referring to text not being helpful to users. Provide

- the error text instead to allow the reader to determine whether it

- is helpful. Recommend against using NDEBUG for programs to

- exhibit deterministic behavior. Moved description ahead of

- recommendations.

- Michael Kerrisk

- Clarify details of message printed by assert()

-

-fmax.3

-fmin.3

- Michael Kerrisk

- SEE ALSO: add fdim(3)

-

-getauxval.3

- Cownie, James H

- Correct AT_HWCAP result description

-

-inet_pton.3

- Stefan Puiu

- Mention byte order

- Come to think of it, this probably applies to IPv6 as well. Moving to

- the paragraph before:

-

-malloc_hook.3

- Michael Kerrisk

- glibc 2.24 removes __malloc_initialize_hook

-

-memmem.3

- Michael Kerrisk [Shawn Landden]

- Note that memmem() is present on some other systems

-

-mkdtemp.3

-mktemp.3

- Michael Kerrisk

- SEE ALSO: add mktemp(1)

-

-printf.3

- Michael Kerrisk [Shawn Landden]

- Note support in other C libraries for %m and %n

-

-strcasecmp.3

- Michael Kerrisk [Ori Avtalion]

- Make details of strncasecmp() comparison clearer

-

-strcat.3

- Michael Kerrisk

- Add a program that shows the performance characteristics of strcat()

- In honor of Joel Spolksy's visit to Munich, let's start educating

- Schlemiel The Painter.

-

-strtoul.3

- Michael Kerrisk

- SEE ALSO: add a64l(3)

-

-strxfrm.3

- Michael Kerrisk [Florian Weimer]

- Remove NOTES section

- strxfrm() and strncpy() are not precisely equivalent in the

- POSIX locale, so this NOTES section was not really correct.

-

- See https://bugzilla.kernel.org/show_bug.cgi?id=104221

-

-console_codes.4

-console_ioctl.4

-tty.4

-vcs.4

-charsets.7

- Marko Myllynen

- Remove console(4) references

- 0f9e647 removed the obsolete console(4) page but we still have few

- references to it. The patch below removes them or converts to refs

- to concole_ioctl(4) where appropriate.

-

-console_ioctl.4

- Michael Kerrisk [Chris Gassib]

- The argument to KDGETMODE is an 'int'

-

-lirc.4

- Alec Leamas

- Update after upstreamed lirc.h, bugfixes.

-

-st.4

- Kai Mäkisara

- Fix description of read() when block is larger than request

- Kai Mäkisara

- Update MTMKPART for kernels >= 4.6

- Update the description of the MTMKPART operation of MTIOCTOP to match

- the changes in kernel version 4.6.

-

-charmap.5

- Marko Myllynen

- Clarify keyword syntax

- Updates charmap(5) to match the syntax all the glibc

- charmap files are using currently.

-

-elf.5

- Michael Kerrisk

- SEE ALSO: add readelf(1)

-

-locale.5

- Marko Myllynen

- Document missing keywords, minor updates

- Marko Myllynen

- Clarify keyword syntax

- Marko Myllynen

- Adjust conformance

-

-proc.5

-namespaces.7

- Michael Kerrisk

- Move /proc/PID/mounts information to proc(5)

- There was partial duplication, and some extra information

- in namespaces(7). Move everything to proc(5).

-

-proc.5

- Michael Kerrisk

- /proc/PID/fd/* are governed by PTRACE_MODE_READ_FSCREDS

- Permission to dereference/readlink /proc/PID/fd/* symlinks is

- governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

- Michael Kerrisk

- /proc/PID/timerslack_ns is governed by PTRACE_MODE_ATTACH_FSCREDS

- Permission to access /proc/PID/timerslack_ns is governed by

- a PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.

- Michael Kerrisk

- Document /proc/PID/{maps,mem,pagemap} access mode checks

- Permission to access /proc/PID/{maps,pagemap} is governed by a

- PTRACE_MODE_READ_FSCREDS ptrace access mode check.

-

- Permission to access /proc/PID/mem is governed by a

- PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.

- Michael Kerrisk

- Note /proc/PID/stat fields that are governed by PTRACE_MODE_READ_FSCREDS

- Michael Kerrisk

- /proc/PID/{cwd,exe,root} are governed by PTRACE_MODE_READ_FSCREDS

- Permission to dereference/readlink /proc/PID/{cwd,exe,root} is

- governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

- Michael Kerrisk

- /proc/PID/io is governed by PTRACE_MODE_READ_FSCREDS

- Permission to access /proc/PID/io is governed by

- a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

- Michael Kerrisk

- /proc/PID/{personality,stack,syscall} are governed by PTRACE_MODE_ATTACH_FSCREDS

- Permission to access /proc/PID/{personality,stack,syscall} is

- governed by a PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.

- Michael Kerrisk

- /proc/PID/{auxv,environ,wchan} are governed by PTRACE_MODE_READ_FSCREDS

- Permission to access /proc/PID/{auxv,environ,wchan} is governed by

- a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

- Michael Kerrisk

- Move shared subtree /proc/PID/mountinfo fields to mount_namespaces(7)

- Move information on shared subtree fields in /proc/PID/mountinfo

- to mount_namespaces(7).

- Michael Kerrisk ["Yuming Ma(马玉明)"]

- Note that /proc/net is now virtualized per network namespace

- Michael Kerrisk

- Add references to mount_namespaces(7)

-

-repertoiremap.5

- Marko Myllynen

- Clarify keyword syntax

-

-utmp.5

- Michael Kerrisk

- SEE ALSO: add logname(1)

-

-capabilities.7

- Michael Kerrisk [Andy Lutomirski]

- Note on SECURE_NO_CAP_AMBIENT_RAISE for capabilities-only environment

- Michael Kerrisk

- Add a detail on use of securebits

-

-cgroup_namespaces.7

- Michael Kerrisk

- SEE ALSO: add namespaces(7)

-

-cgroups.7

- Michael Kerrisk

- ERRORS: add mount(2) EBUSY error

-

-cp1251.7

-cp1252.7

-iso_8859-1.7

-iso_8859-15.7

-iso_8859-5.7

-koi8-r.7

-koi8-u.7

- Marko Myllynen

- Add some charset references

- Add some references to related charsets here and there.

-

-credentials.7

- Michael Kerrisk

- SEE ALSO: add runuser(1)

- SEE ALSO: add newgrp(1)

- SEE ALSO: add sudo(8)

-

-feature_test_macros.7

- Michael Kerrisk

- Emphasize that applications should not directly include <features.h>

-

-man-pages.7

- Michael Kerrisk

- Clarify which sections man-pages provides man pages for

- Michael Kerrisk [Josh Triplett]

- Add a few more details on formatting conventions

- Add some more details for Section 1 and 8 formatting.

- Separate out formatting discussion into commands, functions,

- and "general".

-

-namespaces.7

- Michael Kerrisk

- /proc/PID/ns/* are governed by PTRACE_MODE_READ_FSCREDS

- Permission to dereference/readlink /proc/PID/ns/* symlinks is

- governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

- Michael Kerrisk

- Nowadays, file changes in /proc/PID/mounts are notified differently

- Exceptional condition for select(), (E)POLLPRI for (e)poll

- Michael Kerrisk

- Remove /proc/PID/mountstats description

- This is a duplicate of information in proc(5).

- Michael Kerrisk

- Refer to new mount_namespaces(7) for information on mount namespaces

-

-netlink.7

- Andrey Vagin

- Describe netlink socket options

- Michael Kerrisk

- Rework version information

- (No changes in technical details.)

-

-pid_namespaces.7

- Michael Kerrisk

- SEE ALSO: add namespaces(7)

-

-unix.7

- Michael Kerrisk

- Move discussion on pathname socket permissions to DESCRIPTION

- Michael Kerrisk

- Expand discussion of socket permissions

- Michael Kerrisk

- Fix statement about permissions needed to connect to a UNIX doain socket

- Read permission is not required (verified by experiment).

- Michael Kerrisk

- Clarify ownership and permissions assigned during socket creation

- Michael Kerrisk [Carsten Grohmann]

- Update text on socket permissions on other systems

- At least some of the modern BSDs seem to check for write

- permission on a socket. (I tested OpenBSD 5.9.) On Solaris 10,

- some light testing suggested that write permission is still

- not checked on that system.

- Michael Kerrisk

- Note that umask / permissions have no effect for abstract sockets

- W. Trevor King

- Fix example code: 'ret' check after accept populates 'data_socket'

- Michael Kerrisk

- Move some abstract socket details to a separate subsection

- Michael Kerrisk

- Note that abstract sockets automatically disappear when FDs are closed

-

-user_namespaces.7

- Michael Kerrisk [Michał Zegan]

- Clarify meaning of privilege in a user namespace

- Having privilege in a user NS only allows privileged

- operations on resources governed by that user NS. Many

- privileged operations relate to resources that have no

- association with any namespace type, and only processes

- with privilege in the initial user NS can perform those

- operations.

-

- See https://bugzilla.kernel.org/show_bug.cgi?id=120671

- Michael Kerrisk [Michał Zegan]

- List the mount operations permitted by CAP_SYS_ADMIN

- List the mount operations permitted by CAP_SYS_ADMIN in a

- noninitial userns.

-

- See https://bugzilla.kernel.org/show_bug.cgi?id=120671

- Michael Kerrisk [Michał Zegan]

- CAP_SYS_ADMIN allows mounting cgroup filesystems

- See https://bugzilla.kernel.org/show_bug.cgi?id=120671

- Michael Kerrisk

- Clarify details of CAP_SYS_ADMIN and cgroup v1 mounts

- With respect to cgroups version 1, CAP_SYS_ADMIN in the user

- namespace allows only *named* hierarchies to be mounted (and

- not hierarchies that have a controller).

- Michael Kerrisk

- Clarify CAP_SYS_ADMIN details for mounting FS_USERNS_MOUNT filesystems

- Michael Kerrisk

- Correct user namespace rules for mounting /proc

- Michael Kerrisk

- Describe a concrete example of capability checking

- Add a concrete example of how the kernel checks capabilities in

- an associated user namespace when a process attempts a privileged

- operation.

- Michael Kerrisk

- Correct kernel version where XFS added support for user namespaces

- Linux 3.12, not 3.11.

- Michael Kerrisk

- SEE ALSO: add ptrace(2)

- SEE ALSO: add cgroup_namespaces(7)

-

-utf-8.7:

- Shawn Landden

- Include RFC 3629 and clarify endianness which is left ambiguous

- The endianness is suggested by the order the bytes are displayed,

- but the text is ambiguous.