mirror of https://github.com/mkerrisk/man-pages
capabilities.7: srcfix: Removed FIXME
No credential match of file UID and namespace creator UID is needed to create a v3 security extended attribute.

Verified by experiment using my userns_child_exec.c and show_creds.c programs (available on http://man7.org/tlpi/code):

    $ sudo setcap cap_setuid,cap_dac_override=pe \
          ./userns_child_exec
    $ ./userns_child_exec -U -r setcap cap_kill=pe show_creds
    $ ./userns_child_exec -U -M '0 1000 10' -G '0 1000 1' \
          -s 1 ./show_creds
    eUID = 1; eGID = 0; capabilities: = cap_kill+ep

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
737002259f
commit
54254ef33a
|
@ -1016,9 +1016,6 @@ meaning that (a) the thread has the
|
|||
capability in its own user namespace;
|
||||
and (b) the UID and GID of the file inode have mappings in
|
||||
the writer's user namespace.
|
||||
.\" FIXME
|
||||
.\" Does there also need to be some kind of credential match
|
||||
.\" between the file and the namespace creator UID?
|
||||
.PP
|
||||
When a
|
||||
.BR VFS_CAP_REVISION_3
|
||||
|
|
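Review bot: The answer to the question in the three removed `.\"` comment lines is recorded only in the commit message, so the page source no longer shows that the question was ever asked or how it was settled. After "the writer's user namespace." the rendered text still lists only conditions (a) and (b), and a reader with the same doubt cannot tell whether a match between the file UID and the namespace creator UID is also required. Consider adding a sentence after condition (b) stating that no such match is needed, or replacing the FIXME with a short source comment that records the result of the experiment, so the finding does not live only in the git history.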