Diffstat (limited to 'man7/capabilities.7')
| -rw-r--r-- | man7/capabilities.7 | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7 index 3d4e23e51b..4c822a0bba 100644 --- a/man7/capabilities.7 +++ b/man7/capabilities.7 @@ -1061,6 +1061,15 @@ except those masked out by the capability bounding set. .PP The above steps yield semantics that are the same as those provided by traditional UNIX systems. +.\" +.SS Set-user-ID-root programs that have file capabilities +Executing a program that is both set-user-ID root and has +file capabilities will cause the process to gain just the +capabilities granted by the program +(i.e., not all capabilities, +as would occur when executing a set-user-ID-root program +that does not have any associated file capabilities). +.\" .SS Capability bounding set The capability bounding set is a security mechanism that can be used to limit the capabilities that can be gained during an |
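Review bot: In the added "Set-user-ID-root programs that have file capabilities" subsection, the phrase "gain just the capabilities granted by the program" does not say which of the process's capability sets are affected, nor whether the bounding-set masking mentioned in the context line just above ("except those masked out by the capability bounding set") still applies in this case. A reader deciding whether attaching file capabilities to a set-user-ID-root binary actually reduces its privilege needs both points spelled out, so I would name the file and process sets involved and state the bounding-set interaction explicitly. As a minor style point, "will cause the process to gain" reads more directly in the present tense ("causes the process to gain"), and the parenthetical beginning "(i.e., not all capabilities," would be easier to follow as its own sentence contrasting the two cases.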
