mirror of https://github.com/mkerrisk/man-pages
user_namespaces.7: Clarify details of CAP_SYS_ADMIN and cgroup v1 mounts
With respect to cgroups version 1, CAP_SYS_ADMIN in the user namespace allows only *named* hierarchies to be mounted (and not hierarchies that have a controller).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
c7e077eaa4
commit
8c74a1cea4
|
@ -266,7 +266,11 @@ Holding
|
|||
.B CAP_SYS_ADMIN
|
||||
within the user namespace associated with a process's cgroup namespace
|
||||
allows (since Linux 4.6)
|
||||
that process to mount cgroup filesystems.
|
||||
that process to the mount cgroup version 2 filesystem and
|
||||
cgroup version 1 named hierarchies
|
||||
(i.e., cgroup filesystems mounted with the
|
||||
.BR """none,name="""
|
||||
option).
|
||||
|
||||
Holding
|
||||
.B CAP_SYS_ADMIN
|
||||
|
|
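Review bot: the new line "that process to the mount cgroup version 2 filesystem and" has two words transposed and should read "that process to mount the cgroup version 2 filesystem and". Separately, the commit message states the security-relevant restriction (cgroup v1 hierarchies that have a controller cannot be mounted with only namespace-level CAP_SYS_ADMIN), but the page text only lists what is allowed; consider adding a sentence after "option)." that says explicitly that mounting a v1 hierarchy with a controller attached is not permitted, so readers reasoning about what an unprivileged user namespace can do are not left to infer it.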