[PATCH 11/16] Manual pages: capsh.1: Correct/update the Cap field example for /proc/PID/status
Michael Kerrisk (man-pages)
mtk.manpages at gmail.com
Thu Jul 16 10:18:22 UTC 2020
The /proc/1/status output shown for --decode=N is bogus
(e.g., ffffffffffffffff == 64 capability bits). Furthermore,
showing CAP_SETPCAP as missing from CapEff is historical,
and ceased to be actual more than 10 years ago.
Replace with a more current example, and also add the CapAmb field.
This change renders some of the following text obsolete;
that will be fixed in the next patch.
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages at gmail.com>
---
doc/capsh.1 | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/doc/capsh.1 b/doc/capsh.1
index 522e719..916353a 100644
--- a/doc/capsh.1
+++ b/doc/capsh.1
@@ -198,10 +198,11 @@ This is a convenience feature. If you look at
there are some capability related fields of the following form:
.nf
- CapInh: 0000000000000000
- CapPrm: ffffffffffffffff
- CapEff: fffffffffffffeff
- CapBnd: ffffffffffffffff
+CapInh: 0000000000000000
+CapPrm: 0000003fffffffff
+CapEff: 0000003fffffffff
+CapBnd: 0000003fffffffff
+CapAmb: 0000000000000000
.fi
This option provides a quick way to decode a capability vector
--
2.26.2
More information about the Linux-security-module-archive
mailing list