user_namespaces.7: Fixes to example

While toying around with the userns_child_exec example program on the
user_namespaces(7) man page, I noticed two things:

* In the EXAMPLE section, we need to mount the new /proc before
  looking at /proc/$$/status, otherwise the latter will print
  information about the outer namespace's PID 1 (i.e., the real
  init).  So the two paragraphs need to be swapped.

* In the program source, make sure to close pipe_fd[0] in the
  child before exec'ing.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man7/user_namespaces.7

@@ -970,22 +970,6 @@ bash$ \fBecho $$\fP
 1
 .fi
 .in
-
-Inside the user namespace, the shell has user and group ID 0,
-and a full set of permitted and effective capabilities:
-
-.in +4n
-.nf
-bash$ \fBcat /proc/$$/status | egrep '^[UG]id'\fP
-Uid:	0	0	0	0
-Gid:	0	0	0	0
-bash$ \fBcat /proc/$$/status | egrep '^Cap(Prm|Inh|Eff)'\fP
-CapInh:	0000000000000000
-CapPrm:	0000001fffffffff
-CapEff:	0000001fffffffff
-.fi
-.in
-
 Mounting a new
 .I /proc
 filesystem and listing all of the processes visible
@@ -1001,6 +985,21 @@ bash$ \fBps ax\fP
    22 pts/3    R+     0:00 ps ax
 .fi
 .in
+
+Inside the user namespace, the shell has user and group ID 0,
+and a full set of permitted and effective capabilities:
+
+.in +4n
+.nf
+bash$ \fBcat /proc/$$/status | egrep '^[UG]id'\fP
+Uid:	0	0	0	0
+Gid:	0	0	0	0
+bash$ \fBcat /proc/$$/status | egrep '^Cap(Prm|Inh|Eff)'\fP
+CapInh:	0000000000000000
+CapPrm:	0000001fffffffff
+CapEff:	0000001fffffffff
+.fi
+.in
 .SS Program source
 \&
 .nf
@@ -1178,6 +1177,8 @@ childFunc(void *arg)
         exit(EXIT_FAILURE);
     }
 
+    close(args\->pipe_fd[0]);
+
     /* Execute a shell command */
 
     printf("About to exec %s\\n", args\->argv[0]);