From c5af06740669ccb42b20aabada6c8637bb19ef0d Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Thu, 28 Apr 2016 14:34:58 +0200 Subject: [PATCH] clone.2: Document CLONE_NEWCGROUP Signed-off-by: Michael Kerrisk --- man2/clone.2 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/man2/clone.2 b/man2/clone.2 index 908861755..721459243 100644 --- a/man2/clone.2 +++ b/man2/clone.2 @@ -258,6 +258,22 @@ If the kernel is not configured with the .B CONFIG_BLOCK option, this flag is a no-op. .TP +.BR CLONE_NEWCGROUP " (since Linux 4.6)" +Create the process in a new cgroup namespace. +If this flag is not set, then (as with +.BR fork (2)) +the process is created in the same cgroup namespaces as the calling process. +This flag is intended for the implementation of containers. + +For further information on cgroup namespaces, see +.BR cgroups (7). + +Only a privileged process +.RB ( CAP_SYS_ADMIN ) +can employ +.BR CLONE_NEWCGROUP . +.\" +.TP .BR CLONE_NEWIPC " (since Linux 2.6.19)" If .B CLONE_NEWIPC @@ -583,6 +599,9 @@ and was altogether in Linux 2.6.38. Since then, the kernel silently ignores it without error. .\" glibc 2.8 removed this defn from bits/sched.h +Starting with Linux 4.6, the same bit was reused for the +.BR CLONE_NEWCGROUP +flag. .TP .BR CLONE_SYSVSEM " (since Linux 2.5.10)" If
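Review bot: In the first hunk (@@ -258,6 +258,22 @@), "the process is created in the same cgroup namespaces as the calling process" uses the plural, while the sentence before it says "a new cgroup namespace". Make it singular so the two sentences agree. Also, the CAP_SYS_ADMIN requirement is stated only in this entry and the patch has no hunk touching the ERRORS section, so check that the EPERM entry there lists CLONE_NEWCGROUP alongside the other namespace flags.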
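Review bot: In the second hunk (@@ -583,6 +599,9 @@), the added sentence says the bit was reused but not what that means for a program that still passes the old flag. The context line says "the kernel silently ignores it without error", while the first hunk says only a process with CAP_SYS_ADMIN can employ CLONE_NEWCGROUP, so the two statements conflict for Linux 4.6 and later. Suggest qualifying "Since then" with the version range and stating the behaviour a caller of the old flag now gets. As a style point, ".BR CLONE_NEWCGROUP" takes a single argument here, so ".B CLONE_NEWCGROUP" is the usual macro.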