proc.5: Update capability requirements for accessing /proc/[pid]/map_files

The requirements changed with kernel commit 12886f8ab10ce6. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
author: Michael Kerrisk <mtk.manpages@gmail.com> 2020-10-27 13:34:31 +0100
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2020-10-27 14:51:44 +0100
commit: 167f94b707148bcd46fe39c7d4ebfada9eed88f6 (patch)
tree: 96711d3539ac130bd0162990f1e94b047383fbff
parent: 1e516a820b4dfd3e126b048c0c882cc1d555e5ea (diff)
download: man-pages-167f94b707148bcd46fe39c7d4ebfada9eed88f6.tar.gz
1 files changed, 10 insertions, 3 deletions
diff --git a/man5/proc.5 b/man5/proc.5
index 77ddd733fb..488acd483f 100644
--- a/man5/proc.5
+++ b/man5/proc.5
@@ -1261,9 +1261,16 @@ Until kernel version 4.3,
 this directory appeared only if the
 .B CONFIG_CHECKPOINT_RESTORE
 kernel configuration option was enabled.
-Additionally, in those kernel versions, privilege
-.RB ( CAP_SYS_ADMIN )
-was required to view the contents of this directory.
+.IP
+Capabilities are required to read the contents of the symbolic links in
+this directory: before Linux 5.9, the reading process requires
+.BR CAP_SYS_ADMIN
+in the initial user namespace;
+since Linux 5.9, the reading process must have either
+.BR CAP_SYS_ADMIN
+or
+.BR CAP_CHECKPOINT_RESTORE
+in the user namespace where it resides.
 .TP
 .I /proc/[pid]/maps
 A file containing the currently mapped memory regions and their access
author	Michael Kerrisk <mtk.manpages@gmail.com>	2020-10-27 13:34:31 +0100
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2020-10-27 14:51:44 +0100
commit	167f94b707148bcd46fe39c7d4ebfada9eed88f6 (patch)
tree	96711d3539ac130bd0162990f1e94b047383fbff
parent	1e516a820b4dfd3e126b048c0c882cc1d555e5ea (diff)
download	man-pages-167f94b707148bcd46fe39c7d4ebfada9eed88f6.tar.gz