Only singlethreaded processes can setns into time ns. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/time/namespace.c?h=v6.12#n309 Signed-off-by: Michal Clapinski <mclapinski@xxxxxxxxxx> --- man/man2/setns.2 | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/man/man2/setns.2 b/man/man2/setns.2 index f32a91bd8..619717b77 100644 --- a/man/man2/setns.2 +++ b/man/man2/setns.2 @@ -237,7 +237,17 @@ Using to change the caller's cgroup namespace does not change the caller's cgroup memberships. .TP -Network, IPC, time, and UTS namespaces +Time namespaces +In order to reassociate itself with a new time namespace, +the caller must have the +.B CAP_SYS_ADMIN +capability both in its own user namespace and in the user namespace +that owns the target namespace. +.IP +A multithreaded process may not change time namespace with +.BR setns (). +.TP +Network, IPC, and UTS namespaces In order to reassociate itself with a new network, IPC, time, or UTS namespace, the caller must have the .B CAP_SYS_ADMIN -- 2.47.1.613.gc27f4b7a9f-goog
