capabilities.7: CAP_IPC_LOCK also governs memory allocation using huge pages

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
author: Michael Kerrisk <mtk.manpages@gmail.com> 2021-05-17 14:08:37 +1200
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2021-05-17 14:08:37 +1200
commit: 3dcdef9437fafb72d5ff88b786e049bc77d6fd14 (patch)
tree: 8e75aaa989d656be8c51b29771d509c9e03e5242
parent: f603c6f39d1c98357387122fa3ba89e07535c4f8 (diff)
download: man-pages-3dcdef9437fafb.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7
index 7e79b2fb63..cf9dc190f6 100644
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -205,11 +205,21 @@ the filesystem or any of the supplementary GIDs of the calling process.
 .B CAP_IPC_LOCK
 .\" FIXME . As at Linux 3.2, there are some strange uses of this capability
 .\" in other places; they probably should be replaced with something else.
+.PD 0
+.RS
+.IP * 2
 Lock memory
 .RB ( mlock (2),
 .BR mlockall (2),
 .BR mmap (2),
+.BR shmctl (2));
+.IP *
+Allocate memory using huge pages
+.RB ( memfd_create (2)
+.BR mmap (2),
 .BR shmctl (2)).
+.PD 0
+.RE
 .TP
 .B CAP_IPC_OWNER
 Bypass permission checks for operations on System V IPC objects.
author	Michael Kerrisk <mtk.manpages@gmail.com>	2021-05-17 14:08:37 +1200
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2021-05-17 14:08:37 +1200
commit	3dcdef9437fafb72d5ff88b786e049bc77d6fd14 (patch)
tree	8e75aaa989d656be8c51b29771d509c9e03e5242
parent	f603c6f39d1c98357387122fa3ba89e07535c4f8 (diff)
download	man-pages-3dcdef9437fafb.tar.gz