From 07361828880eb75ce4c3b73b93ab729ac961d439 Mon Sep 17 00:00:00 2001
From: Michael Kerrisk <mtk.manpages@gmail.com>
Date: Wed, 10 Jan 2018 00:08:28 +0100
Subject: [PATCH] cgroups.7: Point out that 'nsdelegate' can also be applied on
 a remount

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---
 man7/cgroups.7 | 40 ++++++++++++++++++++++++++--------------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/man7/cgroups.7 b/man7/cgroups.7
index f28c6146a..962a216c0 100644
--- a/man7/cgroups.7
+++ b/man7/cgroups.7
@@ -941,26 +941,30 @@ the delegatee can also control the further redistribution
 of the corresponding resources into the delegated subtree.
 .\"
 .SS Cgroups v2 delegation: nsdelegate and cgroup namespaces
+Starting with Linux 4.13,
+.\" commit 5136f6365ce3eace5a926e10f16ed2a233db5ba9
+there is a second way to perform cgroup delegation.
+This is done by mounting or remounting the cgroup v2 filesystem with the
+.I nsdelegate
+mount option.
+For example, if the cgroup v2 filesystem has already been mounted,
+we can remount it with the
+.I nsdelegate
+option as follows:
+.PP
+.in +4n
+.EX
+mount -t cgroup2 -o remount,nsdelegate \\
+                 none /sys/fs/cgroup/unified
+.EE
+.in
 .\"
-.\" To test this, it can be useful to boot the kernel with the options:
+.\" ALternatively, we could boot the kernel with the options:
 .\"
 .\"    cgroup_no_v1=all systemd.legacy_systemd_cgroup_controller
 .\"
 .\" The effect of the latter option is to prevent systemd from employing
 .\" its "hybrid" cgroup mode, where it tries to make use of cgroups v2.
-.\"
-Starting with Linux 4.13,
-.\" commit 5136f6365ce3eace5a926e10f16ed2a233db5ba9
-there is a second way to perform cgroup delegation.
-This is done by mounting the cgroup v2 filesystem with the
-.I nsdelegate
-mount option:
-.PP
-.in +4n
-.EX
-$ mount -t cgroup2 -o nsdelegate none /sys/fs/cgroup/unified
-.EE
-.in
 .PP
 The effect of this option is to cause cgroup namespaces
 to automatically become delegation boundaries.
@@ -1026,6 +1030,14 @@ The
 mount option only has an effect when performed in
 the initial mount namespace;
 in other mount namespaces, the option is silently ignored.
+.PP
+.IR Note :
+On some systems,
+.BR systemd (1)
+automatically mounts the cgroup v2 filesystem.
+In order to experiment with the
+.I nsdelegate
+operation, it may be desirable to 
 .\"
 .SS Cgroup v2 delegation containment rules
 Some delegation