capabilities.7: Document the 'no_file_caps' kernel command-line option

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-12 10:15:35 +01:00 · 2019-02-12 10:15:35 +01:00 · f6acfeb8f8
parent 962f9d0969
commit f6acfeb8f8
1 changed files with 5 additions and 0 deletions
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@ -1134,6 +1134,11 @@ the capability transitions described above may
 be performed (i.e., file capabilities may be ignored) for the same reasons
 that the set-user-ID and set-group-ID bits are ignored; see
 .BR execve (2).
+.IR Note :
+if the kernel was booted with the
+.I no_file_caps
+option, then file capabilities are ignored (treated as empty)
+during the capability transitions described above.
 .PP
 .IR Note :
 according to the rules above,