mirror of https://github.com/mkerrisk/man-pages
namespaces.7: Briefly explain why CAP_SYS_ADMIN is needed to create nonuser namespaces
Reported-by: Tycho Kirchner <tychokirchner@mail.de> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
29af6f1a59
commit
d45e85a94b
|
@ -109,7 +109,10 @@ and
|
|||
.BR unshare (2)
|
||||
in most cases requires the
|
||||
.BR CAP_SYS_ADMIN
|
||||
capability.
|
||||
capability, since, in the new namespace,
|
||||
the creator will have the power to change global resources
|
||||
that are visible to other processes that are subsequently created in,
|
||||
or join the same namespace.
|
||||
User namespaces are the exception: since Linux 3.8,
|
||||
no privilege is required to create a user namespace.
|
||||
.\"
|
||||
|
|
Loading…
Reference in New Issue