From 213e259e97a1cc3c25ba9dc8b704699e348fe7e5 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 16 Aug 2021 01:59:42 +0200 Subject: [PATCH] user_namespaces.7: Document /proc/PID/projid_map Signed-off-by: Michael Kerrisk --- man7/user_namespaces.7 | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 index 3bba32cb5..610fc2782 100644 --- a/man7/user_namespaces.7 +++ b/man7/user_namespaces.7 @@ -669,6 +669,48 @@ Writes that violate the above rules fail with the error .\" .\" ============================================================ .\" +.SS Project ID mappings: projid_map +Similarly to user and group ID mappings, +it is possible to create project ID mappings for a user namespace. +(Project IDs are used for disk quotas; see +.BR setquota (8) +and +.BR quotactl (2).) +.PP +Project ID mappings are defined by writing to the +.I /proc/[pid]/projid_map +file (present since +.\" commit f76d207a66c3a53defea67e7d36c3eb1b7d6d61d +Linux 3.7). +.PP +The validity rules for writing to the +.I /proc/[pid]/projid_map +file are as for writing to the +.I uid_map +file; violation of these rules causes +.BR write (2) +to fail with the error +.BR EINVAL . +.PP +The permission rules for writing to the +.I /proc/[pid]/projid_map +file are as follows: +.IP 1. 3 +The writing process must either be in the user namespace of the process +.I pid +or be in the parent user namespace of the process +.IR pid . +.IP 2. +The mapped project IDs must in turn have a mapping +in the parent user namespace. +.PP +Violation of these rules causes +.BR write (2) +to fail with the error +.BR EPERM . +.\" +.\" ============================================================ +.\" .SS Interaction with system calls that change process UIDs or GIDs In a user namespace where the .I uid_map
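Review bot: the permission rules in the new "Project ID mappings: projid_map" section (the list introduced by "The permission rules for writing to the /proc/[pid]/projid_map file are as follows:") do not say whether the writing process needs any capability. The preceding paragraph defers to uid_map for the validity rules, so a reader cannot tell whether rules 1 and 2 are the complete set of permission checks or whether further uid_map requirements are meant to carry over. Suggest adding a sentence after rule 2 that states explicitly which capability is required, or that none is, since that determines which processes in the namespace or its parent can define the mapping before the EPERM case applies.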