--- man2/clone.2 | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) ref: own testing with setcap and unshare -n /bin/bash minimum set required turns out to be # setcap cap_sys_admin,cap_net_raw+ep /usr/bin/unshare $ unshare -n /bin/bash $ $ lsb_release -ir Distributor ID: Ubuntu Release: 10.04 $ uname -a Linux ip 2.6.32-26-generic #48-Ubuntu SMP Wed Nov 24 10:14:11 UTC 2010 x86_64 GNU/Linux diff --git a/man2/clone.2 b/man2/clone.2 index 4085179..edb3e91 100644 --- a/man2/clone.2 +++ b/man2/clone.2 @@ -322,7 +322,7 @@ initial network namespace (not to the parent of the process). Use of this flag requires: a kernel configured with the .B CONFIG_NET_NS option and that the process be privileged -.RB ( CAP_SYS_ADMIN ). +.RB ( CAP_NET_RAW | CAP_SYS_ADMIN ). .TP .BR CLONE_NEWNS " (since Linux 2.4.19)" Start the child in a new mount namespace. -- 1.7.0.4
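Review bot: In the CLONE_NEWNET paragraph, the added line ".RB ( CAP_NET_RAW | CAP_SYS_ADMIN )." will read as "either capability is sufficient", while the commit message reports the minimum set as both cap_sys_admin and cap_net_raw together. If both are needed, say so in words, for example "(CAP_SYS_ADMIN and CAP_NET_RAW)", so nobody concludes that CAP_NET_RAW alone is enough to create a network namespace. The evidence is also thinner than a change to privilege documentation warrants: the message shows only the successful run with both capabilities set on /usr/bin/unshare, on a single Ubuntu 10.04 2.6.32 kernel. It shows no failing run with cap_sys_admin alone, so it does not establish that the extra capability is demanded by clone(CLONE_NEWNET) itself and not by something else unshare(1) does on that system. Please include the failing case and its errno, or point to the kernel check, before the man page states this as a general requirement.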