user_namespaces.7: Add a subsection heading for effects of capabilities in user NS

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2016-06-21 13:28:29 +02:00
parent 89070c1a7c
commit 2304b0d740
1 changed files with 5 additions and 1 deletions

@ -205,13 +205,17 @@ has all capabilities in the namespace.
By virtue of the previous rule,
this means that the process has all capabilities in all
further removed descendant user namespaces as well.
.PP
.\"
.\" ============================================================
.\"
.SS Effect of capabilities within a user namespace
Having a capability inside a user namespace
permits a process to perform operations (that require privilege)
only on resources governed by that namespace.
In other words, having a capability in a user namespace permits a process
to perform privileged operations on resources that are governed by (nonuser)
namespaces associated with the user namespace (see the next subsection).
On the other hand, there are many privileged operations that affect
resources that are not associated with any namespace type,
for example, changing the system time (governed by
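Review bot: the paragraph that now sits under the new `.SS Effect of capabilities within a user namespace` heading still says "(see the next subsection)" in its second sentence. With a heading inserted at this point, check that the reference still lands on the subsection it is meant to point at, or name that subsection explicitly so the cross-reference survives later restructuring. The `.PP` directly before the comment separator and the `.SS` line is also redundant, since `.SS` starts a new paragraph on its own, and can be dropped.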