[PATCH 12/15] Manual pages: cap_get_file.3: NOTES: note the effect of the Ambient set
Michael Kerrisk (man-pages)
mtk.manpages at gmail.com
Mon Jul 20 09:13:25 UTC 2020
The addition of Ambient capabilities in Linux 4.3 rendered the text on
the effect of the Effective bit during execve(2) out-of-date. Fix that.
Also add a couple of paragraph breaks to improve readability.
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages at gmail.com>
---
doc/cap_get_file.3 | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/doc/cap_get_file.3 b/doc/cap_get_file.3
index ceacbaf..dc7b571 100644
--- a/doc/cap_get_file.3
+++ b/doc/cap_get_file.3
@@ -103,13 +103,18 @@ or
These functions are specified by withdrawn POSIX.1e draft specification.
.SH NOTES
Support for file capabilities is provided on Linux since version 2.6.24.
-
+.PP
On Linux, the file Effective set is a single bit.
If it is enabled, then all Permitted capabilities are enabled
in the Effective set of the calling process when the file is executed;
-otherwise, no capabilities are enabled in the process's Effective set
+otherwise, the process's Ambient capabilities
+(or, before the Linux 4.3 addition of Ambient capabilities, no capabilities)
+are enabled in the process's Effective set
following an
-.BR execve (2).
+.BR execve (2)
+(see
+.BR capabilities (7)).
+.PP
Because the file Effective set is a single bit,
if any capability is enabled in the Effective set of the
.I cap_t
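Review bot: In the rewritten "otherwise" clause, "the process's Ambient capabilities" does not say whether it means the Ambient set the caller held before execve(2) or the set the process has after it, and the two can differ. Since this page documents files that carry file capabilities, please check against capabilities(7), which the hunk already cites, whether any Ambient capabilities survive the execve(2) of such a file, and say "the process's new Ambient set" if that is what is meant. A smaller style point on the same sentence: the parenthetical "(or, before the Linux 4.3 addition of Ambient capabilities, no capabilities)" separates the subject from "are enabled", so moving the version history into its own sentence would read more easily.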
--
2.26.2