capabilities.7: Explain when VFS_CAP_REVISION_3 file capabilities have effect

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk 2018-04-13 17:22:03 +02:00
parent 7b45f4b2ad
commit 6442c03b68
1 changed files with 7 additions and 0 deletions


@ -968,6 +968,13 @@ extended attribute.
(A namespace's root user ID is the value that user ID 0
inside that namespace maps to in the initial user namespace.)
.IP
A binary with
.BR VFS_CAP_REVISION_3
file capabilities confers capabilities only when executed by a
process that resides in a user namespace whose
UID 0 maps to the root user ID that is saved in the extended attribute,
or when executed by a process that resides in descendant of such a namespace.
.IP
Starting with Linux 4.14, a
.BR VFS_CAP_REVISION_3
.I security.capability
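Review bot: the last line of the new paragraph, "or when executed by a process that resides in descendant of such a namespace", is missing an article and should read "resides in a descendant of such a namespace". Otherwise the added .IP paragraph reads clearly and states the condition the preceding context lines set up (the root user ID saved in the extended attribute, as mapped in the initial user namespace).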