From 70b31e75fe157f4cfa5afc6589c0605868017028 Mon Sep 17 00:00:00 2001
From: Topi Miettinen <toiwoton@gmail.com>
Date: Sat, 12 Jun 2021 12:07:38 +0300
Subject: [PATCH] selinux.8: document how mount flag nosuid affects SELinux

Using mount flag `nosuid` also affects SELinux domain transitions but
this has not been documented well.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 libselinux/man/man8/selinux.8 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
index 0ef01460..5842150b 100644
--- a/libselinux/man/man8/selinux.8
+++ b/libselinux/man/man8/selinux.8
@@ -94,6 +94,13 @@ and reboot.
 also has this capability.  The
 .BR restorecon / fixfiles
 commands are also available for relabeling files.
+
+Please note that using mount flag
+.I nosuid
+also disables SELinux domain transitions, unless permission
+.I nosuid_transition
+is used in the policy to allow this, which in turn needs also policy capability
+.IR nnp_nosuid_transition .
 .
 .SH AUTHOR
 This manual page was written by Dan Walsh <dwalsh@redhat.com>.