Comment 9 for bug 1576341

Serge Hallyn (serge-hallyn) wrote : Re: fails in lxd container

Right, you can check whether you have CAP_X targeted at your own user ns, and you can check whether you are in an init_user_ns (by checking /proc/self/uid_map). The manpages currently are rarely clear, when they say you need CAP_X, about which namespace that must be targeted against. (I just corrected one instance in a branch). And as you can see, if the manpages were, they would be quickly out of date, since the process of (a) deducing which capability checks can be namespaced, (b) converting those, or (c) improving the target's namespaces so that the checks can be namespaced (if possible) is ongoing, and will be for a long time.
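The two checks mentioned in the comment above, written out as an added example that is not part of the bug thread: `uid_map_is_init_ns` decides from the text of /proc/self/uid_map whether the caller is in the initial user namespace, and `has_effective_cap` asks the kernel (via `capget`) whether a capability is in the effective set, which is always relative to the caller's own user namespace. The function names and the sample uid_map lines in the comments are constructed for this example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Returns 1 if a /proc/self/uid_map body describes init_user_ns, i.e. a
 * single line "0 0 4294967295" (identity map over the whole uid range),
 * otherwise 0. Takes the text as input so it can be tested on constructed
 * maps such as "0 100000 65536" (a typical unprivileged container). */
int uid_map_is_init_ns(const char *map)
{
    unsigned long inside, outside, count;
    char extra[2];
    /* Exactly three fields and nothing after them: a second mapping line
     * means a non-initial namespace even if the first line looks right. */
    if (sscanf(map, "%lu %lu %lu %1s", &inside, &outside, &count, extra) != 3)
        return 0;
    return inside == 0 && outside == 0 && count == 4294967295UL;
}

/* Reads the live /proc/self/uid_map; returns -1 if it cannot be read. */
int in_init_user_ns(void)
{
    char buf[256];
    FILE *f = fopen("/proc/self/uid_map", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return uid_map_is_init_ns(buf);
}

/* Is `cap` in the effective set? The kernel reports the set relative to the
 * calling process's own user namespace, so root in a container can see
 * CAP_SYS_ADMIN here while checks targeted at init_user_ns still fail.
 * Returns -1 if capget fails. */
int has_effective_cap(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    return (data[cap / 32].effective >> (cap % 32)) & 1;
}

int main(void)
{
    printf("in init_user_ns: %d, CAP_SYS_ADMIN effective: %d\n",
           in_init_user_ns(), has_effective_cap(CAP_SYS_ADMIN));
    return 0;
}
```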