capabilities.7: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2017-12-02 15:08:52 +01:00
parent f6b60423bd
commit e67ac266c8
1 changed files with 5 additions and 5 deletions

@ -1106,11 +1106,11 @@ permitted set when it
a file that has the capability in its inheritable set.
.PP
Note that the bounding set masks the file permitted capabilities,
but not the inherited capabilities.
If a thread maintains a capability in its inherited set
but not the inheritable capabilities.
If a thread maintains a capability in its inheritable set
that is not in its bounding set,
then it can still gain that capability in its permitted set
by executing a file that has the capability in its inherited set.
by executing a file that has the capability in its inheritable set.
.PP
Depending on the kernel version, the capability bounding set is either
a system-wide attribute, or a per-process attribute.
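Review bot: The corrected phrase "but not the inheritable capabilities" still does not say whose inheritable set is meant, while the first half of the same sentence is explicit with "file permitted capabilities". The sentences that follow refer to both a thread's inheritable set and a file's inheritable set, so qualifying the noun here in the same way as "file permitted capabilities" would remove the ambiguity. This is the sentence a reader relies on when deciding whether the bounding set alone is enough to keep a capability out of the permitted set, so it is worth being exact.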
@ -1191,9 +1191,9 @@ because this capability has a different meaning when there are
no file capabilities.
.PP
Removing a capability from the bounding set does not remove it
from the thread's inherited set.
from the thread's inheritable set.
However it does prevent the capability from being added
back into the thread's inherited set in the future.
back into the thread's inheritable set in the future.
.\"
.\"
.SS Effect of user ID changes on capabilities
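Review bot: The paragraph ending "back into the thread's inheritable set in the future." stops short of the consequence a reader needs. The text at line 1106 of this same patch says a capability kept in the thread's inheritable set but absent from the bounding set can still reach the permitted set "by executing a file that has the capability in its inheritable set". Consider adding a sentence or a cross-reference here saying that a thread that wants to give up the capability for good also has to clear it from its inheritable set. As a minor style point, "However it does prevent" reads better with a comma after "However".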