Diffstat (limited to 'man7/capabilities.7')
| -rw-r--r-- | man7/capabilities.7 | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7 index a3d5849ecb..547dc226f9 100644 --- a/man7/capabilities.7 +++ b/man7/capabilities.7 @@ -1058,26 +1058,26 @@ the process using the following algorithm: P'(ambient) = (file is privileged) ? 0 : P(ambient) P'(permitted) = (P(inheritable) & F(inheritable)) | - (F(permitted) & cap_bset) | P'(ambient) + (F(permitted) & P(bounding)) | P'(ambient) P'(effective) = F(effective) ? P'(permitted) : P'(ambient) P'(inheritable) = P(inheritable) [i.e., unchanged] + +P'(bounding) = P(bounding) [i.e., unchanged] .EE .in .PP where: .RS 4 -.IP P 10 +.IP P() 6 denotes the value of a thread capability set before the .BR execve (2) -.IP P' +.IP P'() denotes the value of a thread capability set after the .BR execve (2) -.IP F +.IP F() denotes a file capability set -.IP cap_bset -is the value of the capability bounding set (described below). .RE .PP A privileged file is one that has capabilities or |
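Review bot: In the "where:" list, removing the `.IP cap_bset` entry also removes the "(described below)" pointer, so the `P(bounding)` term in the `P'(permitted)` line and the new `P'(bounding) = P(bounding)` line now rely on the generic `P()` entry alone to explain what "bounding" means. The switch to `P(bounding)` is consistent with the other `P(...)` terms, but I would keep a short cross-reference, for example a sentence after `.RE` saying that the bounding set is described below, so a reader of the algorithm still knows where to look. Separately, the `.IP P() 6` change narrows the indent from 10 to 6 while the tags get two characters longer; please check the rendered output to confirm that `P'()` and `F()` still line up with their descriptions.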
