mirror of https://github.com/mkerrisk/man-pages
capabilities.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
ddc1ad3079
commit
c2b279afb7
|
@ -807,7 +807,7 @@ silo into which other related future use cases might fit.
|
|||
Each thread has the following capability sets containing zero or more
|
||||
of the above capabilities:
|
||||
.TP
|
||||
.IR Permitted :
|
||||
.IR Permitted
|
||||
This is a limiting superset for the effective
|
||||
capabilities that the thread may assume.
|
||||
It is also a limiting superset for the capabilities that
|
||||
|
@ -821,7 +821,7 @@ it can never reacquire that capability (unless it
|
|||
either a set-user-ID-root program, or
|
||||
a program whose associated file capabilities grant that capability).
|
||||
.TP
|
||||
.IR Inheritable :
|
||||
.IR Inheritable
|
||||
This is a set of capabilities preserved across an
|
||||
.BR execve (2).
|
||||
Inheritable capabilities remain inheritable when executing any program,
|
||||
|
@ -834,7 +834,7 @@ when running as a non-root user, applications that wish to run helper
|
|||
programs with elevated capabilities should consider using
|
||||
ambient capabilities, described below.
|
||||
.TP
|
||||
.IR Effective :
|
||||
.IR Effective
|
||||
This is the set of capabilities used by the kernel to
|
||||
perform permission checks for the thread.
|
||||
.TP
|
||||
|
@ -850,7 +850,7 @@ shared by all threads on the system.
|
|||
.IP
|
||||
For more details on the capability bounding set, see below.
|
||||
.TP
|
||||
.IR Ambient " (since Linux 4.3):"
|
||||
.IR Ambient " (since Linux 4.3)"
|
||||
.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08
|
||||
This is a set of capabilities that are preserved across an
|
||||
.BR execve (2)
|
||||
|
|
Loading…
Reference in New Issue