unshare.2: Relocate discussion of CAP_SYS_ADMIN to CLONE_NEWNS section

And rewrite the EPERM description to be more general in preparation for the new flags to be documented. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2010-10-24 16:02:24 +02:00 · 2010-10-24 16:02:24 +02:00 · 486d4e9b99
parent c8e4c1bdc3
commit 486d4e9b99
1 changed files with 8 additions and 8 deletions
--- a/man2/unshare.2
+++ b/man2/unshare.2
@ -18,7 +18,7 @@
 .\" FIXME Document CLONE_NEWUTS, which is new in 2.6.19
 .\" FIXME Document CLONE_SYSVSEM, which is new in 2.6.26
 .\"
-.TH UNSHARE 2 2010-09-10 "Linux" "Linux Programmer's Manual"
+.TH UNSHARE 2 2010-10-24 "Linux" "Linux Programmer's Manual"
 .SH NAME
 unshare \- disassociate parts of the process execution context
 .SH SYNOPSIS
@ -91,11 +91,16 @@ its namespace which is not shared with any other process.
 Specifying this flag automatically implies
 .B CLONE_FS
 as well.
+Use of
+.BR CLONE_NEWNS
+requires the
+.BR CAP_SYS_ADMIN
+capability.
 .\" As at 2.6.16, the following forced implications also apply,
 .\" although the relevant flags are not yet implemented.
 .\" If CLONE_THREAD is set force CLONE_VM.
 .\" If CLONE_VM is set, force CLONE_SIGHAND.
-.\" If CLONE_SIGHAND is set and signals are also being shared
+.\" CLONE_NEWNSIf CLONE_SIGHAND is set and signals are also being shared
 .\" (i.e., current->signal->count > 1), force CLONE_THREAD.
 .\"
 .\" FIXME . CLONE_VM is not (yet, as at 2.6.16) implemented.
@ -136,12 +141,7 @@ Cannot allocate sufficient memory to copy parts of caller's
 context that need to be unshared.
 .TP
 .B EPERM
-.I flags
-specified
-.B CLONE_NEWNS
-but the calling process was not privileged (did not have the
-.B CAP_SYS_ADMIN
-capability).
+The calling process did not have the required privileges for this operation.
 .SH VERSIONS
 The
 .BR unshare ()