diff options
Diffstat (limited to 'man7')
| -rw-r--r-- | man7/capabilities.7 | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7 index 707370e291..94d8629da5 100644 --- a/man7/capabilities.7 +++ b/man7/capabilities.7 @@ -596,9 +596,10 @@ capabilities that may be granted by an executable file. The capability bounding set acts as a limiting superset for the capabilities that a thread can add to its inheritable set using .BR capset (2). -This means that if the capability is not in the bounding set, -then a thread can't add one of its permitted capabilities to its -inheritable set and thereby have that capability preserved in its +This means that if a capability is not in the bounding set, +then a thread can't add this capability to its +inheritable set, even if it was in its permitted capabilities, +and thereby cannot have this capability preserved in its permitted set when it .BR execve (2)s a file that has the capability in its inheritable set. |