From af0cb4bd5412b361c1054acaff8044a5d56fa362 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 12 Sep 2016 19:25:44 +0100 Subject: [PATCH] raw.7: Clarify user namespace requirements for CAP_NET_RAW Also remove mention of UID 0 as a method of creating a raw socket. As far as I can tell from reading the kernel source (net/ipv4/af_inet.c), this is not true. Signed-off-by: Michael Kerrisk --- man7/raw.7 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man7/raw.7 b/man7/raw.7 index 50763c47b..69acfec10 100644 --- a/man7/raw.7 +++ b/man7/raw.7 @@ -30,9 +30,9 @@ socket option is enabled on the socket. When it is enabled, the packet must contain an IP header. For receiving, the IP header is always included in the packet. -Only processes with an effective user ID of 0 or the +In order to create a raw socket, a process must have the .B CAP_NET_RAW -capability are allowed to open raw sockets. +capability in the user namespace that governs its network namespace. All packets or errors matching the .I protocol
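Review bot: the new line "+capability in the user namespace that governs its network namespace." introduces user-namespace scoping of CAP_NET_RAW without telling the reader where that rule is explained; consider adding references to user_namespaces(7) and capabilities(7) (for example in the SEE ALSO section of raw.7) so that someone checking why a UID-0 process inside a container cannot open a raw socket can find the governing semantics. Since the hunk also drops a documented privilege path (effective user ID 0), the commit message's "As far as I can tell from reading the kernel source (net/ipv4/af_inet.c)" would carry more weight if it named the specific capability check in that file that was consulted, giving later reviewers something concrete to verify.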