diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 index 1bd398cf5..e223bf300 100644 --- a/man7/user_namespaces.7 +++ b/man7/user_namespaces.7 @@ -205,13 +205,17 @@ has all capabilities in the namespace. By virtue of the previous rule, this means that the process has all capabilities in all further removed descendant user namespaces as well. -.PP +.\" +.\" ============================================================ +.\" +.SS Effect of capabilities within a user namespace Having a capability inside a user namespace permits a process to perform operations (that require privilege) only on resources governed by that namespace. In other words, having a capability in a user namespace permits a process to perform privileged operations on resources that are governed by (nonuser) namespaces associated with the user namespace (see the next subsection). + On the other hand, there are many privileged operations that affect resources that are not associated with any namespace type, for example, changing the system time (governed by
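Review bot: the bare empty `+` line inserted before "On the other hand, there are many privileged operations" should be `.PP` rather than a blank input line; in roff a blank line in the source produces a break plus vertical space instead of going through the paragraph macro, and this page otherwise uses `.PP` for paragraph breaks (the `.PP` that the hunk removes shows the convention). The rest of the hunk reads correctly: dropping that `.PP` and putting `.SS Effect of capabilities within a user namespace` in its place is fine, since `.SS` starts a new paragraph on its own, and the three `.\"` comment lines with the `====` rule only add a visual separator in the source without affecting the rendered page.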