mirror of https://github.com/mkerrisk/man-pages
ffix
This commit is contained in:
parent
5917ad3d34
commit
0b9bdf82fb
|
@ -246,7 +246,7 @@ where the
|
|||
flag is set, the cloned child is started in a new namespace,
|
||||
initialized with a copy of the namespace of the parent.
|
||||
|
||||
Only a privileged process (one having the CAP_SYS_ADMIN capability)
|
||||
Only a privileged process (one having the \fBCAP_SYS_ADMIN\fP capability)
|
||||
may specify the
|
||||
.B CLONE_NEWNS
|
||||
flag.
|
||||
|
@ -613,7 +613,7 @@ copied.
|
|||
.TP
|
||||
.B EPERM
|
||||
.B CLONE_NEWNS
|
||||
was specified by a non-root process (process without CAP_SYS_ADMIN).
|
||||
was specified by a non-root process (process without \fBCAP_SYS_ADMIN\fP).
|
||||
.TP
|
||||
.B EPERM
|
||||
.B CLONE_PID
|
||||
|
|
|
@ -246,7 +246,7 @@ where the
|
|||
flag is set, the cloned child is started in a new namespace,
|
||||
initialized with a copy of the namespace of the parent.
|
||||
|
||||
Only a privileged process (one having the CAP_SYS_ADMIN capability)
|
||||
Only a privileged process (one having the \fBCAP_SYS_ADMIN\fP capability)
|
||||
may specify the
|
||||
.B CLONE_NEWNS
|
||||
flag.
|
||||
|
@ -613,7 +613,7 @@ copied.
|
|||
.TP
|
||||
.B EPERM
|
||||
.B CLONE_NEWNS
|
||||
was specified by a non-root process (process without CAP_SYS_ADMIN).
|
||||
was specified by a non-root process (process without \fBCAP_SYS_ADMIN\fP).
|
||||
.TP
|
||||
.B EPERM
|
||||
.B CLONE_PID
|
||||
|
|
|
@ -98,7 +98,7 @@ which
|
|||
is invalid.
|
||||
.TP
|
||||
.B EPERM
|
||||
User does not have the CAP_SYS_ADMIN capability.
|
||||
User does not have the \fBCAP_SYS_ADMIN\fI capability.
|
||||
This does not apply to
|
||||
.BR pciconfig_iobase ().
|
||||
.SH "CONFORMING TO"
|
||||
|
|
|
@ -160,7 +160,7 @@ needs an effective user ID equal to the user ID or effective user ID
|
|||
of the process identified by
|
||||
.IR pid ,
|
||||
or it must possess the
|
||||
.IR CAP_SYS_NICE
|
||||
.BR CAP_SYS_NICE
|
||||
capability.
|
||||
.TP
|
||||
.B ESRCH
|
||||
|
|
|
@ -55,7 +55,7 @@ is set appropriately.
|
|||
.TP
|
||||
.B EPERM
|
||||
The calling process is not privileged (does not have the
|
||||
CAP_SETGID capability), and
|
||||
\fBCAP_SETGID\fP capability), and
|
||||
.I gid
|
||||
does not match the effective group ID or saved set-group-ID of
|
||||
the calling process.
|
||||
|
|
|
@ -45,7 +45,7 @@ effective UID, and saved set-user-ID, each to one of:
|
|||
the current real UID, the current effective UID or the
|
||||
current saved set-user-ID.
|
||||
|
||||
Privileged processes (on Linux, those having the CAP_SETUID capability)
|
||||
Privileged processes (on Linux, those having the \fBCAP_SETUID\fP capability)
|
||||
may set the real UID, effective UID, and
|
||||
saved set-user-ID to arbitrary values.
|
||||
|
||||
|
@ -74,7 +74,7 @@ does not match the current UID and this call would
|
|||
bring that user ID over its NPROC rlimit.
|
||||
.TP
|
||||
.B EPERM
|
||||
The calling process is not privileged (did not have the CAP_SETUID
|
||||
The calling process is not privileged (did not have the \fBCAP_SETUID\fP
|
||||
capability) and tried to change the IDs to values that are not permitted.
|
||||
.SH VERSIONS
|
||||
These calls are available under Linux since Linux 2.1.44.
|
||||
|
|
|
@ -198,14 +198,14 @@ when accessing files.
|
|||
On Linux, superuser privileges are divided into capabilities (see
|
||||
.BR capabilities (7)).
|
||||
Two capabilities are relevant for file permissions checks:
|
||||
CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH.
|
||||
\fBCAP_DAC_OVERRIDE\fP and \fBCAP_DAC_READ_SEARCH\fP.
|
||||
(A process has these capabilities if its fsuid is 0.)
|
||||
|
||||
The CAP_DAC_OVERRIDE capability overrides all permission checking,
|
||||
The \fBCAP_DAC_OVERRIDE\fP capability overrides all permission checking,
|
||||
but only grants execute permission when at least one
|
||||
of the file's three execute permission bits is set.
|
||||
|
||||
The CAP_DAC_READ_SEARCH capability grants read and search permission
|
||||
The \fBCAP_DAC_READ_SEARCH\fP capability grants read and search permission
|
||||
on directories, and read permission on ordinary files.
|
||||
.\" FIXME say something about immutable files
|
||||
.\" FIXME say something about ACLs
|
||||
|
|
Loading…
Reference in New Issue