mirror of https://github.com/mkerrisk/man-pages
capabilities.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent f6b60423bd
commit e67ac266c8
|
@ -1106,11 +1106,11 @@ permitted set when it
|
|||
a file that has the capability in its inheritable set.
|
||||
.PP
|
||||
Note that the bounding set masks the file permitted capabilities,
|
||||
but not the inherited capabilities.
|
||||
If a thread maintains a capability in its inherited set
|
||||
but not the inheritable capabilities.
|
||||
If a thread maintains a capability in its inheritable set
|
||||
that is not in its bounding set,
|
||||
then it can still gain that capability in its permitted set
|
||||
by executing a file that has the capability in its inherited set.
|
||||
by executing a file that has the capability in its inheritable set.
|
||||
.PP
|
||||
Depending on the kernel version, the capability bounding set is either
|
||||
a system-wide attribute, or a per-process attribute.
|
||||
|
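Review bot: In the sentence "Note that the bounding set masks the file permitted capabilities, but not the inheritable capabilities.", the corrected phrase still does not say whose inheritable set is meant, while the next sentence refers to both the thread's inheritable set and the file's inheritable set. Consider naming the set explicitly there, so the note reads unambiguously alongside the "file permitted capabilities" it is contrasted with. The switch from "inherited" to "inheritable" is otherwise consistent with the unchanged context line "a file that has the capability in its inheritable set."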
@ -1191,9 +1191,9 @@ because this capability has a different meaning when there are
|
|||
no file capabilities.
|
||||
.PP
|
||||
Removing a capability from the bounding set does not remove it
|
||||
from the thread's inherited set.
|
||||
from the thread's inheritable set.
|
||||
However it does prevent the capability from being added
|
||||
back into the thread's inherited set in the future.
|
||||
back into the thread's inheritable set in the future.
|
||||
.\"
|
||||
.\"
|
||||
.SS Effect of user ID changes on capabilities
|
||||
|
|
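Review bot: The paragraph beginning "Removing a capability from the bounding set does not remove it" now uses the right term, but it stops short of the consequence that the earlier paragraph spells out: a capability left in the thread's inheritable set can still reach the permitted set by executing a file that has it in its inheritable set. A short cross-reference to that earlier note would help a reader who lands on this paragraph first. As a style point, "However it does prevent" should have a comma after "However".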