See https://bugzilla.kernel.org/show_bug.cgi?id=216215 for context.
I know nothing about groff formatting, so what I wrote here is based on
my inference from reading the existing source. If it's wrong, I apologise.
Signed-off-by: Patrick Reader <_@xxxxxxxxxx>
---
man/man2/unshare.2 | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/man/man2/unshare.2 b/man/man2/unshare.2
index e72464950..851129022 100644
--- a/man/man2/unshare.2
+++ b/man/man2/unshare.2
@@ -461,6 +461,16 @@ Such functionality may be added in the future, if
required.
.\"be incrementally added to unshare without affecting legacy
.\"applications using unshare.
.\"
+.PP
+Creating all kinds of namespace, except user namespaces, requires the
+.B CAP_SYS_ADMIN
+capability. However, since creating a user namespace automatically
confers a
+full set of capabilities, creating both a user namespace and any other type
+of namespace in the same
+.BR unshare ()
+call does not require the
+.B CAP_SYS_ADMIN
+capability in the original namespace.
.SH EXAMPLES
The program below provides a simple implementation of the
.BR unshare (1)
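Review bot: In the added paragraph, "creating a user namespace automatically confers a full set of capabilities" does not say where those capabilities are held. As written, it can be read as granting privilege in the original namespace, which the last sentence then has to contradict. Suggest "confers a full set of capabilities in the new user namespace", so it is clear that the other namespaces are created with privilege scoped to the new user namespace and that nothing is gained in the original one. Two smaller points: the line "confers a" carries no leading "+", so the mail client appears to have wrapped the line above it and the hunk is unlikely to apply as sent; and "capability. However, since" would be better with "However" starting a new source line, so that each sentence begins on its own line.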
--
2.37.3