From 2304b0d740d7d7cdf8a9bc98549d0ac66b9394b8 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Tue, 21 Jun 2016 13:28:29 +0200 Subject: [PATCH] user_namespaces.7: Add a subsection heading for effects of capabilities in user NS Signed-off-by: Michael Kerrisk --- man7/user_namespaces.7 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 index 1bd398cf5..e223bf300 100644 --- a/man7/user_namespaces.7 +++ b/man7/user_namespaces.7 @@ -205,13 +205,17 @@ has all capabilities in the namespace. By virtue of the previous rule, this means that the process has all capabilities in all further removed descendant user namespaces as well. -.PP +.\" +.\" ============================================================ +.\" +.SS Effect of capabilities within a user namespace Having a capability inside a user namespace permits a process to perform operations (that require privilege) only on resources governed by that namespace. In other words, having a capability in a user namespace permits a process to perform privileged operations on resources that are governed by (nonuser) namespaces associated with the user namespace (see the next subsection). + On the other hand, there are many privileged operations that affect resources that are not associated with any namespace type, for example, changing the system time (governed by
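Review bot: the bare empty line added after "(see the next subsection)." separates the two paragraphs with a blank source line rather than a paragraph macro. The line this patch removes was a `.PP`, so using `.PP` here as well (before "On the other hand, there are many privileged operations") would keep the paragraph break explicit and in the same style as the rest of the file. Separately, now that this text sits under its own `.SS Effect of capabilities within a user namespace` heading, it is worth confirming that "see the next subsection" still points at the subsection intended.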