From 00ae99b028e5b9ad3f747d5a120848671e0388c2 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Sun, 1 Jul 2018 11:40:26 +0200 Subject: [PATCH] capabilities.7: Fix some imprecisions in discussion of namespaced file capabilities The file UID does not come into play when creating a v3 security.capability extended attribute. Signed-off-by: Michael Kerrisk --- man7/capabilities.7 | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/man7/capabilities.7 b/man7/capabilities.7 index 6477e2c14..cae1d9f04 100644 --- a/man7/capabilities.7 +++ b/man7/capabilities.7 @@ -1532,17 +1532,13 @@ Namespaced file capabilities are recorded as version 3 (i.e., .BR VFS_CAP_REVISION_3 ) .I security.capability extended attributes. -Such an attribute is automatically created when a process that resides -in a noninitial user namespace associates -.RB ( setxattr (2)) -file capabilities with a file whose user ID matches -the user ID of the creator of the namespace. -In this case, +Such an attribute is automatically created in the circumstances described +above under "File capability extended attribute versioning". +When a version 3 +.I security.capability +extended attribute is created, the kernel records not just the capability masks in the extended attribute, but also the namespace root user ID. -For further details, see -.IR "File capability mask versioning" , -above. .PP As with a binary that has .BR VFS_CAP_REVISION_2
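Review bot: the cross-reference in the replacement text names the earlier subsection "File capability extended attribute versioning", whereas the removed lines pointed at "File capability mask versioning"; the hunk does not show the heading itself, so check that the subsection earlier in capabilities.7 really carries the new name, otherwise this hunk replaces one dangling reference with another. The rewrite also drops the concrete trigger from this paragraph entirely (a process in a noninitial user namespace calling setxattr(2) on the file) and leaves only the pointer; since the commit message says the fix is about the file UID condition being wrong rather than about the setxattr condition, consider keeping a short clause such as "when a process in a noninitial user namespace sets file capabilities with setxattr(2)" in front of the cross-reference, so the reader of this section is not forced to scroll back to learn when a version 3 attribute appears at all.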