From 33a1ab5da1599907e5515361431cf80fff5e1666 Mon Sep 17 00:00:00 2001
From: Michael Kerrisk <mtk.manpages@gmail.com>
Date: Sat, 11 Jun 2016 11:35:06 +0200
Subject: [PATCH] namespaces.7: /proc/PID/ns/* are governed by
 PTRACE_MODE_READ_FSCREDS

Permission to dereference/readlink /proc/PID/ns/* symlinks is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---
 man7/namespaces.7 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/man7/namespaces.7 b/man7/namespaces.7
index a1ad1a14b..5e8f230e1 100644
--- a/man7/namespaces.7
+++ b/man7/namespaces.7
@@ -192,6 +192,13 @@ This file is a handle for the user namespace of the process.
 .TP
 .IR /proc/[pid]/ns/uts " (since Linux 3.0)"
 This file is a handle for the UTS namespace of the process.
+.PP
+Permission to dereference or read
+.RB ( readlink (2))
+these symbolic links is governed by a ptrace access mode
+.B PTRACE_MODE_READ_FSCREDS
+check; see
+.BR ptrace (2).
 .\"
 .\" ==================== Cgroup namespaces ====================
 .\"