CLONE_NEWPID and CLONE_PARENT can be used together, but not CLONE_THREAD. Similarly, CLONE_NEWUSER and CLONE_PARENT can be used together, but not CLONE_THREAD. This was discussed here: <https://lore.kernel.org/linux-man/06febfb3-e2e2-4363-bc34-83a07692144f@xxxxxxxxxx/T/> Relevant code: <https://github.com/torvalds/linux/blob/219d54332a09e8d8741c1e1982f5eae56099de85/kernel/fork.c#L1815> Cc: Carlos O'Donell <carlos@xxxxxxxxxx> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: devhoodit <devhoodit@xxxxxxxxx> --- man/man2/clone.2 | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/man/man2/clone.2 b/man/man2/clone.2 index 1b74e4c92..b9561125a 100644 --- a/man/man2/clone.2 +++ b/man/man2/clone.2 @@ -776,9 +776,7 @@ .SS The flags mask no privileges are needed to create a user namespace. .IP This flag can't be specified in conjunction with -.B CLONE_THREAD -or -.BR CLONE_PARENT . +.BR CLONE_THREAD . For security reasons, .\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71 .\" https://lwn.net/Articles/543273/ @@ -1319,11 +1317,10 @@ .SH ERRORS mask. .TP .B EINVAL +Both .B CLONE_NEWPID -and one (or both) of +and .B CLONE_THREAD -or -.B CLONE_PARENT were specified in the .I flags mask. -- 2.49.0
