Update the mount_namespaces(7) with a mention that unsharing the
mountspace require the CAP_SYS_ADMIN-capability. If possible, please
also add a justification because I know of several people who would like
to understand that.
(In fact I'm about to write a setuid-program which allows unsharing the
mountspace for everyone and was wondering, if that is insecure in any
way? What is the rationale behind disallowing unsharing the mountspace
for regular users? Note that I know that doing so is possible by also
unsharing the usernamespace, but this introduces other limitations [e.g.
setuid-programs cannot be called from there]).
Thank you very much, also for the valuable work you have done so far.
Best regards
Tycho Kirchner
