capabilities.7: CAP_IPC_LOCK also governs memory allocation using huge pages

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2021-05-17 14:08:37 +12:00 · 2021-05-17 14:08:37 +12:00 · 3dcdef9437
parent f603c6f39d
commit 3dcdef9437
1 changed files with 10 additions and 0 deletions
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@ -205,11 +205,21 @@ the filesystem or any of the supplementary GIDs of the calling process.
 .B CAP_IPC_LOCK
 .\" FIXME . As at Linux 3.2, there are some strange uses of this capability
 .\" in other places; they probably should be replaced with something else.
+.PD 0
+.RS
+.IP * 2
 Lock memory
 .RB ( mlock (2),
 .BR mlockall (2),
 .BR mmap (2),
+.BR shmctl (2));
+.IP *
+Allocate memory using huge pages
+.RB ( memfd_create (2)
+.BR mmap (2),
 .BR shmctl (2)).
+.PD 0
+.RE
 .TP
 .B CAP_IPC_OWNER
 Bypass permission checks for operations on System V IPC objects.