mirror of https://github.com/mkerrisk/man-pages
capabilities.7: Explain when VFS_CAP_REVISION_3 file capabilities have effect
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
7b45f4b2ad
commit
6442c03b68
|
@ -968,6 +968,13 @@ extended attribute.
|
|||
(A namespace's root user ID is the value that user ID 0
|
||||
inside that namespace maps to in the initial user namespace.)
|
||||
.IP
|
||||
A binary with
|
||||
.BR VFS_CAP_REVISION_3
|
||||
file capabilities confers capabilities only when executed by a
|
||||
process that resides in a user namespace whose
|
||||
UID 0 maps to the root user ID that is saved in the extended attribute,
|
||||
or when executed by a process that resides in descendant of such a namespace.
|
||||
.IP
|
||||
Starting with Linux 4.14, a
|
||||
.BR VFS_CAP_REVISION_3
|
||||
.I security.capability
|
||||
|
|
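Review bot: The last added line, "or when executed by a process that resides in descendant of such a namespace.", is missing an article before "descendant". Suggest "or when executed by a process that resides in a descendant of such a namespace." The rest of the new paragraph reads consistently with the preceding parenthetical definition of a namespace's root user ID.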