From c281d0505d7405be370d43871f324ce8e4ab4e78 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Sun, 1 Jul 2018 11:25:21 +0200 Subject: [PATCH] capabilities.7: wfix Fix some confusion between "mask" and "extended attribute" Signed-off-by: Michael Kerrisk --- man7/capabilities.7 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/man7/capabilities.7 b/man7/capabilities.7 index a9b3687d0..aa272fb35 100644 --- a/man7/capabilities.7 +++ b/man7/capabilities.7 @@ -944,7 +944,7 @@ then the effective flag must also be specified as enabled for all other capabilities for which the corresponding permitted or inheritable flags is enabled. .\" -.SS File capability mask versioning +.SS File capability extended attribute versioning To allow extensibility, the kernel supports a scheme to encode a version number inside the .I security.capability @@ -988,11 +988,12 @@ there may be some files with version 2 capabilities while others have version 3 capabilities. .PP Before Linux 4.14, -the only kind of capability mask that could be attached to a file was a +the only kind of file capability extended attribute +that could be attached to a file was a .B VFS_CAP_REVISION_2 -mask. +attribute. Since Linux 4.14, -the version of the capability mask that is attached to a file +the version of the capability extended attribute that is attached to a file depends on the circumstances in which the .I security.capability extended attribute was created.