capabilities.7: Ambient capabilities do not trigger secure-execution mode

Reported-by: Pierre Chifflier <pollux@debian.org> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-09-13 00:44:15 +02:00 · 2018-09-13 00:44:15 +02:00 · 5367a9aba9
parent d4dca6b626
commit 5367a9aba9
1 changed files with 5 additions and 0 deletions
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@ -870,6 +870,11 @@ Ambient capabilities are added to the permitted set and
 assigned to the effective set when
 .BR execve (2)
 is called.
+If ambient capabilities cause a process's permitted and effective
+capabilities to increase during an
+.BR execve (2),
+this does not trigger the secure-execution mode described in
+.BR ld.so (8).
 .PP
 A child created via
 .BR fork (2)