mirror of https://github.com/mkerrisk/man-pages
capabilities.7: Under CAP_SYS_ADMIN, group "sub-capabilities" together
CAP_BPF, CAP_PERFMON, and CAP_CHECKPOINT_RESTORE have all been added to split out the power of CAP_SYS_ADMIN into weaker pieces. Group all of these capabilities together in the list under CAP_SYS_ADMIN, to make it clear that there is a pattern to these capabilities.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
045c5bde77
commit
2fbfb575b8
|
@ -415,6 +415,16 @@ access the same checkpoint/restore functionality that is governed by
|
|||
(but the latter, weaker capability is preferred for accessing
|
||||
that functionality).
|
||||
.IP *
|
||||
perform the same BPF operations as are governed by
|
||||
.BR CAP_BPF
|
||||
(but the latter, weaker capability is preferred for accessing
|
||||
that functionality).
|
||||
.IP *
|
||||
employ the same performance monitoring mechanisms as are governed by
|
||||
.BR CAP_PERFMON
|
||||
(but the latter, weaker capability is preferred for accessing
|
||||
that functionality).
|
||||
.IP *
|
||||
perform
|
||||
.B IPC_SET
|
||||
and
|
||||
|
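Review bot: the grouping that the commit message describes is not stated anywhere in the page text itself. The two new items (CAP_BPF, CAP_PERFMON) and the preceding CAP_CHECKPOINT_RESTORE item each repeat "(but the latter, weaker capability is preferred for accessing that functionality)" word for word. Consider one introductory sentence ahead of the three items saying that these weaker capabilities were split out of CAP_SYS_ADMIN and should be preferred, then listing the three names without the repeated parenthetical. Separately, these items end with "." while the items visible further down the same list ("creating user namespaces does not require any capability);", "fanotify_init (2);") end with ";", so the terminators in this list are now mixed.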
@ -463,9 +473,6 @@ and
|
|||
(but, since Linux 3.8,
|
||||
creating user namespaces does not require any capability);
|
||||
.IP *
|
||||
employ various performance monitoring mechanisms (as for
|
||||
.BR CAP_PERFMON );
|
||||
.IP *
|
||||
access privileged
|
||||
.I perf
|
||||
event information;
|
||||
|
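Review bot: the item "access privileged perf event information;" directly after the removed CAP_PERFMON entry stays where it was, so the perf-related entries are now split between the top of the list and this position. If that access is also governed by CAP_PERFMON, move it up next to the new CAP_PERFMON item or fold it into that item. If it is not, a short note saying it remains CAP_SYS_ADMIN-only would stop readers from assuming CAP_PERFMON is sufficient when dropping CAP_SYS_ADMIN from a service.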
@ -481,10 +488,6 @@ namespace);
|
|||
call
|
||||
.BR fanotify_init (2);
|
||||
.IP *
|
||||
perform various BPF operations;
|
||||
see
|
||||
.BR CAP_BPF ;
|
||||
.IP *
|
||||
perform privileged
|
||||
.B KEYCTL_CHOWN
|
||||
and
|
||||
|
|
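Review bot: the removed wording "perform various BPF operations; see CAP_BPF" was a loose cross-reference, while the replacement added in the first hunk says CAP_SYS_ADMIN can "perform the same BPF operations as are governed by CAP_BPF", which is a stronger equivalence claim. Check that the CAP_BPF entry elsewhere in this page lists everything that sentence now implies, and that no BPF operation remains which needs CAP_SYS_ADMIN and is not covered by CAP_BPF. If one does, keep a separate item for it here so that people following the "weaker capability is preferred" advice know where CAP_BPF alone will not be enough.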