diff options
| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2009-08-02 09:08:41 +0200 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2009-08-02 09:08:41 +0200 |
| commit | 129bf37be89c8d4751479798ca4952884850eb32 (patch) | |
| tree | 9eac5c6964bb7c110903de53efd573fb7c484b4a /man7 | |
| parent | 1f9b08391e9dec8ff50c86accc3bed7b9e718520 (diff) | |
| download | man-pages-129bf37be89c8d4751479798ca4952884850eb32.tar.gz | |
capabilities.7: FS UID manipulations affect CAP_LINUX_IMMUTABLE and CAP_MKNOD
Nowadays, file system UID manipulations also affect
CAP_LINUX_IMMUTABLE (since 2.6.3) and CAP_MKNOD (since 2.6.29).
Reported-by: Serge Hallyn: <serue@us.ibm.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7')
| -rw-r--r-- | man7/capabilities.7 | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7 index 5a5902683f..e5f1fe7012 100644 --- a/man7/capabilities.7 +++ b/man7/capabilities.7 @@ -42,7 +42,7 @@ .\" capability, then we must also set the effective flag for all .\" other capabilities where the permitted or inheritable bit is set. .\" -.TH CAPABILITIES 7 2008-11-27 "Linux" "Linux Programmer's Manual" +.TH CAPABILITIES 7 2009-08-02 "Linux" "Linux Programmer's Manual" .SH NAME capabilities \- overview of Linux capabilities .SH DESCRIPTION @@ -717,8 +717,12 @@ then the following capabilities are cleared from the effective set: .BR CAP_DAC_READ_SEARCH , .BR CAP_FOWNER , .BR CAP_FSETID , +.B CAP_LINUX_IMMUTABLE +(since Linux 2.2.30), +.BR CAP_MAC_OVERRIDE , and -.BR CAP_MAC_OVERRIDE . +.B CAP_MKNOD +(since Linux 2.2.29). If the file system UID is changed from non-zero to 0, then any of these capabilities that are enabled in the permitted set are enabled in the effective set. |