setns.2: Note capability requirements for changing network, IPC, or UTS namespace

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-16 23:04:02 +02:00 · 2018-05-16 23:04:02 +02:00 · ac79419503
parent b4e192495b
commit ac79419503
1 changed files with 7 additions and 0 deletions
--- a/man2/setns.2
+++ b/man2/setns.2
@ -173,6 +173,13 @@ Using
 .BR setns ()
 to change the caller's cgroup namespace does not change
 the caller's cgroup memberships.
+.TP
+Network, IPC, and UTS namespaces
+In order to reassociate itself with a new network, IPC, or UTS namespace,
+the calling process must have the
+.B CAP_SYS_ADMIN
+capability both in its own user namespace and in the user namespace
+that owns the target namespace.
 .SH RETURN VALUE
 On success,
 .BR setns ()