capabilities.7: Add note about nosuid to file capabilities section

author: Michael Kerrisk <mtk.manpages@gmail.com> 2016-08-19 16:36:52 -0400
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2016-08-20 11:31:26 +1200
commit: 1f601b1c28584979165d1aa6cb0e5353e752365b (patch)
tree: 50f4711ba3d1e1024fb2df23730bd3c29c3c6c9e
parent: efcf47adbdacb03409ef31b2c76ca1bcbfc2cebb (diff)
download: man-pages-1f601b1c28584979165d1aa6cb0e5353e752365b.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7
index 0ccc2bb972..877528a956 100644
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -804,6 +804,13 @@ if we specify the effective flag as being enabled for any capability,
 then the effective flag must also be specified as enabled
 for all other capabilities for which the corresponding permitted or
 inheritable flags is enabled.
+.RE
+
+Note that file capability sets are ignored if the executable file
+is stored on a filesystem mounted
+.RB ( mount (2),
+.BR mount (8))
+with the nosuid option.
 .\"
 .SS Transformation of capabilities during execve()
 .PP
author	Michael Kerrisk <mtk.manpages@gmail.com>	2016-08-19 16:36:52 -0400
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2016-08-20 11:31:26 +1200
commit	1f601b1c28584979165d1aa6cb0e5353e752365b (patch)
tree	50f4711ba3d1e1024fb2df23730bd3c29c3c6c9e
parent	efcf47adbdacb03409ef31b2c76ca1bcbfc2cebb (diff)
download	man-pages-1f601b1c28584979165d1aa6cb0e5353e752365b.tar.gz