capabilities.7: Add text introducing bounding set along with other thread capability sets

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2018-05-01 12:54:28 +02:00
parent daf8312704
commit 36de80b984
1 changed files with 12 additions and 0 deletions

@ -838,6 +838,18 @@ ambient capabilities, described below.
This is the set of capabilities used by the kernel to This is the set of capabilities used by the kernel to
perform permission checks for the thread. perform permission checks for the thread.
.TP .TP
.IR Bounding " (per-thread since Linux 2.6.25)"
The capability bounding set is a mechanism that can be used
to limit the capabilities that are gained during
.BR execve (2).
.IP
Since Linux 2.6.25, this is a per-thread capability set.
In older kernels, the capability bounding set was a system wide attribute
shared by all threads on the system.
.IP
.IP
For more details on the capability bounding set, see below.
.TP
.IR Ambient " (since Linux 4.3):" .IR Ambient " (since Linux 4.3):"
.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08 .\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08
This is a set of capabilities that are preserved across an This is a set of capabilities that are preserved across an
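Review bot: The added Bounding entry ends with two consecutive `.IP` requests right before "For more details on the capability bounding set, see below."; the first starts an empty paragraph, so one of them should be dropped. Two smaller points in the same entry: "system wide attribute" should be hyphenated as "system-wide attribute", and the tag `.IR Bounding " (per-thread since Linux 2.6.25)"` has no trailing colon, while the neighbouring `.IR Ambient " (since Linux 4.3):"` tag does, so pick one form for both. Since the entry defers the details to "see below", it would also help to name the section that the reader should jump to.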