-rw-r--r-- man7/capabilities.7 7
1 files changed, 7 insertions, 0 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7
index e5a3ce50da..c9fd457187 100644
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -1450,6 +1450,13 @@ in those sets.
This flag is always cleared on an
.BR execve (2).
.IP
+Note that even with the
+.B SECBIT_KEEP_CAPS
+flag set, the effective capabilities of a thread are cleared when it
+switches its effective UID to a nonzero value. However, if the effective
+UID is already nonzero and a thread subsequently switches all other UIDs
+to nonzero values, then the effective capabilities will not be cleared.
+.IP
The setting of the
.B SECBIT_KEEP_CAPS
flag is ignored if the
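Review bot: In the first added sentence, "switches its effective UID to a nonzero value" should state the starting point, i.e. a switch from 0 to a nonzero value. The next sentence depends on the contrast with an effective UID that "is already nonzero", and as written the two read as contradictory for a thread moving from one nonzero effective UID to another. In that second sentence, "all other UIDs" is ambiguous; name the IDs that are meant (for example the real and saved set-user-IDs) so the reader does not have to guess whether the filesystem UID is included. As a style point, "However," starts mid-line in the roff source; beginning that sentence on its own line would keep later diffs of this paragraph smaller.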