From 10b547c577422f08baa4197fa4041cd2f4323fe4 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Sat, 7 May 2016 09:15:19 +0200 Subject: [PATCH] cgroup_namespaces.7: Note another of the benefits of cgroup namespaces Signed-off-by: Michael Kerrisk --- man7/cgroup_namespaces.7 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/man7/cgroup_namespaces.7 b/man7/cgroup_namespaces.7 index 2be48893d..81f99e78f 100644 --- a/man7/cgroup_namespaces.7 +++ b/man7/cgroup_namespaces.7 @@ -156,6 +156,16 @@ Such leakages could, for example, reveal information about the container framework to containerized applications. .IP * +It eases tasks such as container migration. +The virtualization provided by cgroup namespaces +allows containers to be isolated from knowledge of +the pathnames of ancestor cgroups. +Without such isolation, +the full cgroup pathnames would need to be replicated on the target +system when migrating a container; +those pathnames would also need to be unique, +so that they don't conflict with other pathnames on the target system. +.IP * It allows better confinement of containererized processes, because it is possible to mount the container's cgroup filesystems such that the container processes can't gain access to ancestor cgroup directories.
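Review bot: the new bullet leaves the key step implicit: it says containers are "isolated from knowledge of the pathnames of ancestor cgroups" and then jumps to "the full cgroup pathnames would need to be replicated on the target system", without saying that inside the namespace the container's own cgroup appears as the root, so any cgroup paths the container records are relative to that root and the host-side ancestor path can be different on the target. Adding one sentence to that effect between the two (e.g. "the container sees its own cgroup as the root of the hierarchy, so the pathnames it observes are relative to that root") makes the migration argument follow; as written the reader has to supply it. Separately, the trailing context line still carries the typo "containererized" (should be "containerized"); since this patch already touches the adjacent lines, it is worth fixing in the same change.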