capabilities.7: Update CAP_NET_ADMIN with notes from include/linux/capability.h

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2012-03-05 12:05:30 +13:00 · 2012-03-05 12:05:30 +13:00 · e87268ecb8
parent b39a2012be
commit e87268ecb8
1 changed files with 32 additions and 4 deletions
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@ -177,10 +177,38 @@ Create special files using
 .BR mknod (2).
 .TP
 .B CAP_NET_ADMIN
-Perform various network-related operations
-(e.g., setting privileged socket options,
-enabling multicasting, interface configuration,
-modifying routing tables).
+Perform various network-related operations:
+.PD 0
+.RS
+.IP * 2
+interface configuration;
+.IP *
+administration of IP firewall, masquerading, and accounting
+.IP *
+modify routing tables;
+.IP *
+bind to any address for transparent proxying;
+.IP *
+set type-of-service (TOS)
+.IP *
+clear driver statistics;
+.IP *
+set promiscuous mode;
+.IP *
+enabling multicasting;
+.IP *
+use
+.BR setsockopt (2)
+to set the following socket options:
+.BR SO_DEBUG ,
+.BR SO_MARK ,
+.BR SO_PRIORITY
+(for a priority outside the range 0 to 6),
+.BR SO_RCVBUFFORCE ,
+and
+.BR SO_SNDBUFFORCE .
+.RE
+.PD
 .TP
 .B CAP_NET_BIND_SERVICE
 Bind a socket to Internet domain privileged ports