clone.2, namespaces.7: Move some CLONE_NEWNET text from clone.2 to namespaces.7

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man2/clone.2

@@ -346,10 +346,11 @@ When a network namespace is freed
 (i.e., when the last process in the namespace terminates),
 its physical network devices are moved back to the
 initial network namespace (not to the parent of the process).
+For further information on network namespaces, see
+.BR namespaces (7).
 
-Use of this flag requires: a kernel configured with the
-.B CONFIG_NET_NS
-option and that the process be privileged
+Use of this flag requires
+that the process be privileged
 .RB ( CAP_SYS_ADMIN ).
 .TP
 .BR CLONE_NEWNS " (since Linux 2.4.19)"

man7/namespaces.7

@@ -201,6 +201,30 @@ directory,
 .I /sys/class/net 
 directory, port numbers, and so on.
 
+A network namespace provides an isolated view of the networking stack
+(network device interfaces, IPv4 and IPv6 protocol stacks,
+IP routing tables, firewall rules, the
+.I /proc/net
+and
+.I /sys/class/net
+directory trees, sockets, etc.).
+A physical network device can live in exactly one
+network namespace.
+A virtual network device ("veth") pair provides a pipe-like abstraction
+.\" FIXME Add pointer to veth(4) page when it is eventually completed
+that can be used to create tunnels between network namespaces,
+and can be used to create a bridge to a physical network device
+in another namespace.
+
+When a network namespace is freed
+(i.e., when the last process in the namespace terminates),
+its physical network devices are moved back to the
+initial network namespace (not to the parent of the process).
+
+Use of network namespaces requires a kernel that is configured with the
+.B CONFIG_NET_NS
+option.
+
 .SS Mount namespaces (CLONE_NEWNS)
 
 Mount namespaces isolate the set of file system mount points,