mirror of https://github.com/mkerrisk/man-pages
capabilities.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
f6b60423bd
commit
e67ac266c8
|
@ -1106,11 +1106,11 @@ permitted set when it
|
||||||
a file that has the capability in its inheritable set.
|
a file that has the capability in its inheritable set.
|
||||||
.PP
|
.PP
|
||||||
Note that the bounding set masks the file permitted capabilities,
|
Note that the bounding set masks the file permitted capabilities,
|
||||||
but not the inherited capabilities.
|
but not the inheritable capabilities.
|
||||||
If a thread maintains a capability in its inherited set
|
If a thread maintains a capability in its inheritable set
|
||||||
that is not in its bounding set,
|
that is not in its bounding set,
|
||||||
then it can still gain that capability in its permitted set
|
then it can still gain that capability in its permitted set
|
||||||
by executing a file that has the capability in its inherited set.
|
by executing a file that has the capability in its inheritable set.
|
||||||
.PP
|
.PP
|
||||||
Depending on the kernel version, the capability bounding set is either
|
Depending on the kernel version, the capability bounding set is either
|
||||||
a system-wide attribute, or a per-process attribute.
|
a system-wide attribute, or a per-process attribute.
|
||||||
|
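Review bot: In the changed sentence "Note that the bounding set masks the file permitted capabilities, but not the inheritable capabilities.", the new wording does not say whether "the inheritable capabilities" means the file's inheritable set or the thread's, and the sentence that follows refers to both. Since the line is being touched anyway, consider naming the set explicitly, in parallel with "the file permitted capabilities". The three "inherited" to "inheritable" replacements are consistent with each other and with the unchanged context line "a file that has the capability in its inheritable set."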
@ -1191,9 +1191,9 @@ because this capability has a different meaning when there are
|
||||||
no file capabilities.
|
no file capabilities.
|
||||||
.PP
|
.PP
|
||||||
Removing a capability from the bounding set does not remove it
|
Removing a capability from the bounding set does not remove it
|
||||||
from the thread's inherited set.
|
from the thread's inheritable set.
|
||||||
However it does prevent the capability from being added
|
However it does prevent the capability from being added
|
||||||
back into the thread's inherited set in the future.
|
back into the thread's inheritable set in the future.
|
||||||
.\"
|
.\"
|
||||||
.\"
|
.\"
|
||||||
.SS Effect of user ID changes on capabilities
|
.SS Effect of user ID changes on capabilities
|
||||||
|
|
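Review bot: The paragraph ending "back into the thread's inheritable set in the future." stops short of saying what a capability left in the inheritable set still allows. The earlier paragraph touched by this patch states that such a capability can still be gained in the permitted set by executing a file that has it in its inheritable set; a short cross-reference to that note here would help readers who drop capabilities from the bounding set as a hardening step. Separately, the unchanged line "However it does prevent the capability from being added" would read better with a comma after "However".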