LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity

capabilities.7: Add text introducing bounding set along with other thread capability sets 

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk 2018-05-01 12:54:28 +02:00
parent daf8312704
commit 36de80b984
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
man7/capabilities.7
View File

@ -838,6 +838,18 @@ ambient capabilities, described below.
This is the set of capabilities used by the kernel to
perform permission checks for the thread.
.TP
.IR Bounding " (per-thread since Linux 2.6.25)"
The capability bounding set is a mechanism that can be used
to limit the capabilities that are gained during
.BR execve (2).
.IP
Since Linux 2.6.25, this is a per-thread capability set.
In older kernels, the capability bounding set was a system wide attribute
shared by all threads on the system.
.IP
.IP
For more details on the capability bounding set, see below.
.TP
.IR Ambient " (since Linux 4.3):"
.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08
This is a set of capabilities that are preserved across an