mirror of https://github.com/mkerrisk/man-pages
user_namespaces.7: CAP_SYS_ADMIN allows mounting cgroup filesystems
See https://bugzilla.kernel.org/show_bug.cgi?id=120671 Reported-by: Michał Zegan <webczat_200@poczta.onet.pl> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk
parent
8a9fb19dbd
commit
7e52299f66
|
|
@ -262,6 +262,12 @@ and mount the following types of filesystems:
|
|||
.PD
|
||||
.RE
|
||||
.PP
|
||||
Holding
|
||||
.B CAP_SYS_ADMIN
|
||||
within the user namespace associated with a process's cgroup namespace
|
||||
allows (since Linux 4.6)
|
||||
that process to mount cgroup filesystems.
|
||||
|
||||
Note however, that mounting block-based filesystems can be done
|
||||
only by a process that holds
|
||||
.BR CAP_SYS_ADMIN
|
||||
|
|
|
|||
Loading…
Reference in New Issue