unshare.2: add note about potential capabilities confusion

Link: <https://bugzilla.kernel.org/show_bug.cgi?id=216215> Signed-off-by: Patrick Reader <_@pxeger.com> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
author: Patrick Reader <_@pxeger.com> 2022-09-06 09:49:16 +0100
committer: Alejandro Colomar <alx.manpages@gmail.com> 2022-09-06 14:28:31 +0200
commit: 8f4ed6463206e8ede815c72085c7305dafc2e4fc (patch)
tree: 7cc3d8b1d061a7b597c8e8a42f7cbe20b341a52a /man
parent: c06943bee9ff89082de8567c41f78d2d45b073eb (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/man/man2/unshare.2 b/man/man2/unshare.2
index e72464950..79a960728 100644
--- a/man/man2/unshare.2
+++ b/man/man2/unshare.2
@@ -461,6 +461,17 @@ Such functionality may be added in the future, if required.
 .\"be incrementally added to unshare without affecting legacy
 .\"applications using unshare.
 .\"
+.PP
+Creating all kinds of namespace, except user namespaces, requires the
+.B CAP_SYS_ADMIN
+capability.
+However, since creating a user namespace automatically confers a full set of
+capabilities,
+creating both a user namespace and any other type of namespace in the same
+.BR unshare ()
+call does not require the
+.B CAP_SYS_ADMIN
+capability in the original namespace.
 .SH EXAMPLES
 The program below provides a simple implementation of the
 .BR unshare (1)
author	Patrick Reader <_@pxeger.com>	2022-09-06 09:49:16 +0100
committer	Alejandro Colomar <alx.manpages@gmail.com>	2022-09-06 14:28:31 +0200
commit	8f4ed6463206e8ede815c72085c7305dafc2e4fc (patch)
tree	7cc3d8b1d061a7b597c8e8a42f7cbe20b341a52a /man
parent	c06943bee9ff89082de8567c41f78d2d45b073eb (diff)