From 5bea231de37a8dddc73aa34dd786de58fa37088e Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 25 Feb 2013 18:39:13 +0100 Subject: [PATCH] capabilities.7: Document CAP_SETUID and CAP_SETGID for user namespace mappings Signed-off-by: Michael Kerrisk --- man7/capabilities.7 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/man7/capabilities.7 b/man7/capabilities.7 index 2f5570aa5..e17bc3a3f 100644 --- a/man7/capabilities.7 +++ b/man7/capabilities.7 @@ -251,7 +251,9 @@ bind to any address for transparent proxying. .TP .B CAP_SETGID Make arbitrary manipulations of process GIDs and supplementary GID list; -forge GID when passing socket credentials via UNIX domain sockets. +forge GID when passing socket credentials via UNIX domain sockets; +write a group ID mapping in a user namespace (see +.BR namespaces (7)). .TP .BR CAP_SETFCAP " (since Linux 2.6.24)" Set file capabilities. @@ -283,7 +285,9 @@ Make arbitrary manipulations of process UIDs .BR setreuid (2), .BR setresuid (2), .BR setfsuid (2)); -make forged UID when passing socket credentials via UNIX domain sockets. +make forged UID when passing socket credentials via UNIX domain sockets; +write a user ID mapping in a user namespace (see +.BR namespaces (7)). .\" FIXME CAP_SETUID also an effect in exec(); document this. .TP .B CAP_SYS_ADMIN
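Review bot: In the CAP_SETGID hunk (@@ -251,7 +251,9 @@), the added clause "write a group ID mapping in a user namespace" does not say in which user namespace the capability has to be held. That is the detail a reader needs when judging what granting CAP_SETGID to a process actually permits. Suggest stating it in the clause, or pointing the cross-reference at the part of namespaces(7) that covers ID mappings rather than at the page as a whole. The clause also carries no kernel version qualifier, while the neighbouring entry in the same hunk is written as CAP_SETFCAP " (since Linux 2.6.24)"; a "(since Linux ...)" note on the new clause would follow that convention.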
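Review bot: In the CAP_SETUID hunk (@@ -283,7 +285,9 @@), the re-added line still reads "make forged UID when passing socket credentials via UNIX domain sockets;" while the parallel CAP_SETGID entry reads "forge GID when passing socket credentials via UNIX domain sockets;". Since the line is being replaced anyway, changing it to "forge UID when passing socket credentials via UNIX domain sockets;" would make the two entries read the same way. The new user ID mapping clause also lands directly above the existing "FIXME CAP_SETUID also an effect in exec(); document this." comment, which this patch leaves open, so the CAP_SETUID entry is still incomplete after the change and the commit message could say so.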