capabilities.7: Document CAP_SETUID and CAP_SETGID for user namespace mappings

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2013-02-25 18:39:13 +01:00
parent c67d3814e7
commit 5bea231de3
1 changed files with 6 additions and 2 deletions

@ -251,7 +251,9 @@ bind to any address for transparent proxying.
.TP
.B CAP_SETGID
Make arbitrary manipulations of process GIDs and supplementary GID list;
forge GID when passing socket credentials via UNIX domain sockets.
forge GID when passing socket credentials via UNIX domain sockets;
write a group ID mapping in a user namespace (see
.BR namespaces (7)).
.TP
.BR CAP_SETFCAP " (since Linux 2.6.24)"
Set file capabilities.
@ -283,7 +285,9 @@ Make arbitrary manipulations of process UIDs
.BR setreuid (2),
.BR setresuid (2),
.BR setfsuid (2));
make forged UID when passing socket credentials via UNIX domain sockets.
make forged UID when passing socket credentials via UNIX domain sockets;
write a user ID mapping in a user namespace (see
.BR namespaces (7)).
.\" FIXME CAP_SETUID also an effect in exec(); document this.
.TP
.B CAP_SYS_ADMIN
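
Review bot: the line this hunk rewrites in the CAP_SETUID entry still reads "make forged UID when passing socket credentials", whereas the parallel CAP_SETGID entry says "forge GID when passing socket credentials". Since the line is being touched anyway, aligning it to "forge UID when passing socket credentials via UNIX domain sockets;" would make the two entries read the same way. As with the GID clause, "write a user ID mapping in a user namespace" would benefit from saying in which namespace the capability has to be held.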