mirror of https://github.com/mkerrisk/man-pages
capabilities.7, user_namespaces.7: Describe CAP_SETFCAP
mtk: The kernel commit message is quite enlihtening: commit db2e718a47984b9d71ed890eb2ea36ecf150de18 Author: Serge E. Hallyn <serge@hallyn.com> Date: Tue Apr 20 08:43:34 2021 -0500 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
76dec7bbd4
commit
29c1f3cf96
|
@ -349,6 +349,12 @@ write a group ID mapping in a user namespace (see
|
|||
.TP
|
||||
.BR CAP_SETFCAP " (since Linux 2.6.24)"
|
||||
Set arbitrary capabilities on a file.
|
||||
.IP
|
||||
.\" commit db2e718a47984b9d71ed890eb2ea36ecf150de18
|
||||
Since Linux 5.12, this capability is
|
||||
also needed to map uid 0 (as in
|
||||
.BR unshare\ -Ur ,
|
||||
.RB see unshare (1).
|
||||
.TP
|
||||
.B CAP_SETPCAP
|
||||
If file capabilities are supported (i.e., since Linux 2.6.24):
|
||||
|
|
|
@ -577,6 +577,12 @@ or be in the parent user namespace of the process
|
|||
The mapped user IDs (group IDs) must in turn have a mapping
|
||||
in the parent user namespace.
|
||||
.IP 4.
|
||||
.\" commit db2e718a47984b9d71ed890eb2ea36ecf150de18
|
||||
If a writing process is root (i.e. UID 0) trying to map host user ID 0,
|
||||
it must have
|
||||
.B CAP_SETFCAP
|
||||
capability (since Linux 5.12).
|
||||
.IP 5.
|
||||
One of the following two cases applies:
|
||||
.RS
|
||||
.IP * 3
|
||||
|
|
Loading…
Reference in New Issue