user_namespaces.7: Additions from Andy Lutomirski

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man7/user_namespaces.7

@@ -215,6 +215,12 @@ and mount, PID, IPC, network, and UTS namespaces can be created with just the
 .B CAP_SYS_ADMIN
 capability in the caller's user namespace.
 
+When a non-user-namespace is created,
+it is owned by the user namespace in which the creating process
+was a member at the time of the creation of the namespace.
+Actions on the non-user-namespace
+require capabilities in the corresponding user namespace.
+
 If
 .BR CLONE_NEWUSER
 is specified along with other