seteuid.2: Note user namespace requirements for CAP_SETUID and CAP_SETGID

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man2/seteuid.2

@@ -83,20 +83,23 @@ it is a grave security error to omit checking for a failure return from
 The target user or group ID is not valid in this user namespace.
 .TP
 .B EPERM
-The calling process is not privileged (Linux: does not have the
+In the case of
-.B CAP_SETUID
+.BR seteuid ():
-capability in the case of
+the calling process is not privileged (does not have the
-.BR seteuid (),
+.BR CAP_SETUID
-or the
+capability in its user namespace) and
-.B CAP_SETGID
-capability in the case of
-.BR setegid ())
-and
 .I euid
-(respectively,
+does not match the current real user ID, current effective user ID,
-.IR egid )
+or current saved set-user-ID.
-is not the real user (group) ID, the effective user (group) ID,
+
-or the saved set-user-ID (saved set-group-ID).
+In the case of
+.BR setegid ():
+the calling process is not privileged (does not have the
+.BR CAP_SETGID
+capability in its user namespace) and
+.I egid
+does not match the current real group ID, current effective group ID,
+or current saved set-group-ID.
 .SH CONFORMING TO
 POSIX.1-2001, POSIX.1-2008, 4.3BSD.
 .SH NOTES