mirror of https://github.com/mkerrisk/man-pages
capabilities.7: Document CAP_SETUID and CAP_SETGID for user namespace mappings
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
c67d3814e7
commit
5bea231de3
|
@ -251,7 +251,9 @@ bind to any address for transparent proxying.
|
|||
.TP
|
||||
.B CAP_SETGID
|
||||
Make arbitrary manipulations of process GIDs and supplementary GID list;
|
||||
forge GID when passing socket credentials via UNIX domain sockets.
|
||||
forge GID when passing socket credentials via UNIX domain sockets;
|
||||
write a group ID mapping in a user namespace (see
|
||||
.BR namespaces (7)).
|
||||
.TP
|
||||
.BR CAP_SETFCAP " (since Linux 2.6.24)"
|
||||
Set file capabilities.
|
||||
|
@ -283,7 +285,9 @@ Make arbitrary manipulations of process UIDs
|
|||
.BR setreuid (2),
|
||||
.BR setresuid (2),
|
||||
.BR setfsuid (2));
|
||||
make forged UID when passing socket credentials via UNIX domain sockets.
|
||||
make forged UID when passing socket credentials via UNIX domain sockets;
|
||||
write a user ID mapping in a user namespace (see
|
||||
.BR namespaces (7)).
|
||||
.\" FIXME CAP_SETUID also an effect in exec(); document this.
|
||||
.TP
|
||||
.B CAP_SYS_ADMIN
|
||||
|
|
Loading…
Reference in New Issue