clone.2: Document CLONE_NEWCGROUP

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-04-28 14:34:58 +02:00 · 2016-04-28 14:34:58 +02:00 · c5af067406
parent d4d37f0a53
commit c5af067406
1 changed files with 19 additions and 0 deletions
--- a/man2/clone.2
+++ b/man2/clone.2
@ -258,6 +258,22 @@ If the kernel is not configured with the
 .B CONFIG_BLOCK
 option, this flag is a no-op.
 .TP
+.BR CLONE_NEWCGROUP " (since Linux 4.6)"
+Create the process in a new cgroup namespace.
+If this flag is not set, then (as with
+.BR fork (2))
+the process is created in the same cgroup namespaces as the calling process.
+This flag is intended for the implementation of containers.
+
+For further information on cgroup namespaces, see
+.BR cgroups (7).
+
+Only a privileged process
+.RB ( CAP_SYS_ADMIN )
+can employ
+.BR CLONE_NEWCGROUP .
+.\"
+.TP
 .BR CLONE_NEWIPC " (since Linux 2.6.19)"
 If
 .B CLONE_NEWIPC
@ -583,6 +599,9 @@ and was
 altogether in Linux 2.6.38.
 Since then, the kernel silently ignores it without error.
 .\" glibc 2.8 removed this defn from bits/sched.h
+Starting with Linux 4.6, the same bit was reused for the
+.BR CLONE_NEWCGROUP
+flag.
 .TP
 .BR CLONE_SYSVSEM " (since Linux 2.5.10)"
 If