setns.2: Clarify capabilities required for reassociating with a mount namespace

Based on comments from Eric Biederman. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-01-07 10:06:27 +01:00 · 2013-01-07 10:06:27 +01:00 · 21bfe3e933
parent 2a9f74a936
commit 21bfe3e933
1 changed files with 3 additions and 1 deletions
--- a/man2/setns.2
+++ b/man2/setns.2
@ -109,7 +109,9 @@ Changing the mount namespace requires that the caller possess both
 .B CAP_SYS_CHROOT
 and
 .BR CAP_SYS_ADMIN 
-capabilities.
+capabilities in its own user namespace and
+.BR CAP_SYS_ADMIN 
+in the target mount namespace.

 .SH RETURN VALUE
 On success,