Hello Kir, > --- a/man7/user_namespaces.7 > +++ b/man7/user_namespaces.7 > @@ -577,6 +577,12 @@ or be in the parent user namespace of the process > The mapped user IDs (group IDs) must in turn have a mapping > in the parent user namespace. > .IP 4. > +.\" commit db2e718a47984b9d71ed890eb2ea36ecf150de18 > +If a writing process is root (i.e. UID 0) trying to map host user ID 0, > +it must have > +.B CAP_SETFCAP > +capability (since Linux 5.12). > +.IP 5. > One of the following two cases applies: > .RS > .IP * 3 So, reflecting on this, I think much more should be said. See my mail "Documenting the requirement of CAP_SETFCAP to map UID 0" in a moment. Perhaps you may also have some review comments there. Cheers, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/
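Review bot: In the added item 4, "root (i.e. UID 0) trying to map host user ID 0" does not say in which user namespace either ID is evaluated, and "host" is not the term the surrounding context uses ("in the parent user namespace"). Suggest wording it as mapping user ID 0 in the parent user namespace, and stating in which namespace the writing process must hold CAP_SETFCAP. The neighbouring rules are written for "user IDs (group IDs)", so the new item should also say whether it applies to the group ID map or only to the user ID map. Minor: "it must have .B CAP_SETFCAP capability" needs "the" before the capability name.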