prctl.2: Document operations for ambient capabilities

Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Andy Lutomirski 2015-12-04 08:30:51 +01:00 committed by Michael Kerrisk
parent 3a0c27f88e
commit e81a96ecbd
1 changed files with 13 additions and 0 deletions

@ -954,6 +954,19 @@ had been called.
For further information on Intel MPX, see the kernel source file
.IR Documentation/x86/intel_mpx.txt .
.\"
.TP
.BR PR_CAP_AMBIENT " (since Linux 4.2)"
Reads or changes the ambient capability set. If arg2 is PR_CAP_AMBIENT_RAISE,
then the capability specified in arg3 is added to the ambient set. This will
fail, returning EPERM, if the capability is not already both permitted and
inheritable or if the SECBIT_NO_CAP_AMBIENT_RAISE securebit is set. If arg2
is PR_CAP_AMBIENT_LOWER, then the capability specified in arg3 is removed
from the ambient set. If arg2 is PR_CAP_AMBIENT_IS_SET, then
.BR prctl (2)
will return 1 if the capability in arg3 is in the ambient set and 0 if not.
If arg2 is PR_CAP_AMBIENT_CLEAR_ALL, then all capabilities will
be removed from the ambient set. (Using PR_CAP_AMBIENT_CLEAR_ALL requires
setting arg3 to zero.)
.SH RETURN VALUE
On success,
.BR PR_GET_DUMPABLE ,
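
Review bot: The added paragraph leaves arg2, arg3, the PR_CAP_AMBIENT_* operation names, EPERM and SECBIT_NO_CAP_AMBIENT_RAISE as plain roman text, while the context lines around it mark such names up (".BR PR_GET_DUMPABLE ," and ".BR prctl (2)"). Suggest ".I arg2" and ".I arg3" for the arguments and ".B" for the constants and the error name, and consider giving each of the four operations its own sentence or sub-entry so a reader can find them quickly. All 13 added lines sit in this one hunk, so the RETURN VALUE section that begins directly below is unchanged: the 1/0 result of PR_CAP_AMBIENT_IS_SET and the EPERM conditions for PR_CAP_AMBIENT_RAISE are documented only inline here, and it is worth listing them in the return-value and error text as well. The parenthetical on PR_CAP_AMBIENT_CLEAR_ALL says arg3 must be zero but not what is returned when it is not; please state that, since callers that check for a failed clear need to know which error to expect.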