aboutsummaryrefslogtreecommitdiffstats
path: root/man7/capabilities.7
AgeCommit message (Expand)AuthorFilesLines
2024-05-02man/, share/mk/: Move man*/ to man/Alejandro Colomar1-1872/+0
2024-02-25man*/: srcfixAlejandro Colomar1-1/+1
2023-10-31man*/: srcfix (Use .P instead of .PP or .LP)Alejandro Colomar1-54/+54
2023-05-03man*/, man.ignore.grep: srcfix; warn about blank linesAlejandro Colomar1-5/+5
2023-04-18man*/: ffixGuillem Jover1-1/+1
2023-03-17capabilities.7: ffixAlejandro Colomar1-1/+2
2023-02-05Many pages: Use \[bu] instead of \(buAlejandro Colomar1-133/+133
2023-02-05Many pages: Use \[em] instead of \(emAlejandro Colomar1-2/+2
2023-01-07Many pages: TH: Use lowercaseAlejandro Colomar1-1/+1
2022-12-04Many pages: wfixAlejandro Colomar1-13/+13
2022-10-29Many pages: Use a consistent style for listsAlejandro Colomar1-135/+135
2022-10-29Many pages: Use .TP for tagged paragraphsAlejandro Colomar1-3/+6
2022-10-23capabilities.7: ffixAlejandro Colomar1-1/+1
2022-10-09dist.mk, All pages: .TH: Generate date at 'make dist'Alejandro Colomar1-1/+1
2022-10-09getent.1, iconv.1, intro.1, ldd.1, locale.1, localedef.1, memusage.1, memusag...Alejandro Colomar1-1/+1
2022-10-08memfd_create.2, mlock.2, poll.2, select.2, fopen.3, capabilities.7: tfixŠtěpán Němec1-2/+2
2022-09-09Revert "src.mk, All pages: Move man* to man/"Alejandro Colomar1-0/+1868
2022-09-05src.mk, All pages: Move man* to man/Alejandro Colomar1-1868/+0
2022-08-21All pages: Remove the 5th argument to .THAlejandro Colomar1-1/+1
2022-08-21All pages: Replace the 4th argument to .TH by "Linux man-pages (unreleased)"Alejandro Colomar1-1/+1
2022-07-29Many pages: Use STANDARDS instead of CONFORMING TOAlejandro Colomar1-1/+1
2022-03-20Many pages: Fix style issues reported by `make lint-groff`Alejandro Colomar1-32/+32
2022-02-25Various pages: [Linux-man-pages-copyleft] Use SPDX-License-IdentifierAlejandro Colomar1-21/+1
2022-02-07capabilities.7: improve internal referencesKir Kolyshkin1-22/+40
2021-08-27iconv.1, ldd.1, accept.2, access.2, add_key.2, arch_prctl.2, bpf.2, chmod.2, ...Michael Kerrisk1-1/+1
2021-08-11capabilities.7: Add a reference to user_namespaces(7) for CAP_SETFCAPMichael Kerrisk1-4/+3
2021-08-08capabilities.7, user_namespaces.7: Minor tweaks (part 2) to Kir Kolyshkin's p...Michael Kerrisk1-3/+3
2021-08-08capabilities.7: Minor tweaks to Kir's patchAlejandro Colomar1-2/+3
2021-08-08capabilities.7, user_namespaces.7: Describe CAP_SETFCAPKir Kolyshkin1-0/+6
2021-08-07capabilities.7: tfixKir Kolyshkin1-1/+1
2021-05-17capabilities.7: CAP_IPC_LOCK also governs memory allocation using huge pagesMichael Kerrisk1-0/+10
2021-05-12capabilities.7: ffixAkihiro Motoki1-2/+2
2021-03-22getent.1, ldd.1, locale.1, localedef.1, memusage.1, memusagestat.1, mtrace.1,...Michael Kerrisk1-1/+1
2021-01-21Various pages: use real minus signs in pathnamesMichael Kerrisk1-7/+7
2021-01-09Various pages: tfix (Oxford comma)Michael Kerrisk1-1/+1
2020-10-27capabilities.7: Under CAP_SYS_ADMIN, group "sub-capabilities" togetherMichael Kerrisk1-7/+10
2020-10-27capabilities.7: CAP_SYS_ADMIN implies CAP_CHECKPOINT_RESTOREMichael Kerrisk1-0/+5
2020-10-27capabilities.7: tfixMichael Kerrisk1-2/+2
2020-10-27capabilities.7: Document the CAP_CHECKPOINT_RESTORE capability added in Linux...Michael Kerrisk1-0/+29
2020-10-27capabilities.7: Add kernel doc reference for CAP_PERFMONMichael Kerrisk1-0/+2
2020-10-27capabilities.7: ffixMichael Kerrisk1-1/+1
2020-08-22capabilities.7: tfixSteve Hilder1-1/+1
2020-08-13intro.1, clock_getres.2, execve.2, fcntl.2, iopl.2, lseek.2, mknod.2, mmap.2,...Michael Kerrisk1-1/+1
2020-07-17capabilities.7: tfixMichael Kerrisk1-1/+1
2020-07-17capabilities.7: CAP_SYS_RESOURCE: add two more items for POSIX message queuesSaikiran Madugula1-1/+4
2020-07-06intro.1, localedef.1, memusage.1, memusagestat.1, bpf.2, execve.2, fork.2, ke...Michael Kerrisk1-1/+1
2020-06-24capabilities.7: Clarify that CAP_SYS_NICE relates to *lowering* the nice valueDan Kenigsberg1-1/+1
2020-06-24capabilities.7: srcfixMichael Kerrisk1-2/+0
2020-06-24capabilities.7: tfixMichael Kerrisk1-1/+1
2020-06-24capabilities.7: Clarify wording around increasing process nice valueMichael Kerrisk1-1/+1
2020-06-12capabilities.7: Document CAP_BPFMichael Kerrisk1-2/+14
2020-06-12capabilities.7: srcfixMichael Kerrisk1-1/+0
2020-06-12capabilities.7: Add CAP_PERFMONMichael Kerrisk1-2/+19
2020-06-10capabilities.7: SEE ALSO: add getpcaps(8)Michael Kerrisk1-0/+1
2020-04-19capabilities.7: tfixMichael Kerrisk1-2/+2
2020-04-19capabilities.7: tfixMichael Kerrisk1-1/+1
2019-12-30capabilities.7: Minor clarification of historical behaviorMichael Kerrisk1-1/+3
2019-12-30capabilities.7: wfixMichael Kerrisk1-3/+7
2019-08-26capabilities.7: tfixMarko Myllynen1-1/+1
2019-08-02capabilities.7: CAP_SYS_ADMIN allows modifying autogroup nice valuesMichael Kerrisk1-0/+5
2019-08-02pldd.1, bpf.2, chdir.2, clone.2, fanotify_init.2, fanotify_mark.2, intro.2, i...Michael Kerrisk1-1/+1
2019-07-28capabilities.7: Add pivot_root(2) to CAP_SYS_ADMIN listMichael Kerrisk1-0/+1
2019-07-17capabilities.7: Add a note about using strace on binaries that have capabilitiesMichael Kerrisk1-0/+14
2019-07-01capabilities.7: CAP_FOWNER also allows modifying user xattrs on sticky direct...Michael Kerrisk1-0/+4
2019-03-06getent.1, iconv.1, ldd.1, locale.1, localedef.1, memusage.1, memusagestat.1, ...Michael Kerrisk1-1/+1
2019-02-23capabilities.7: tfixMichael Kerrisk1-1/+1
2019-02-23capabilities.7: CAP_SYS_CHROOT allows use of setns() to change the mount name...Michael Kerrisk1-2/+9
2019-02-23capabilities.7: srcfixMichael Kerrisk1-0/+1
2019-02-23capabilities.7: Add a subsection on per-user-namespace "set-user-ID-root" pro...Michael Kerrisk1-0/+17
2019-02-23capabilities.7: Relocate the subsection "Interaction with user namespaces"Michael Kerrisk1-5/+6
2019-02-23capabilities.7: wfixMichael Kerrisk1-1/+4
2019-02-23capabilities.7: Substantially rework "Capabilities and execution of programs ...Michael Kerrisk1-39/+55
2019-02-23capabilities.7: tfixMichael Kerrisk1-1/+1
2019-02-23capabilities.7: Improve the discussion of when file capabilities are ignoredMichael Kerrisk1-7/+4
2019-02-23capabilities.7: Document the 'no_file_caps' kernel command-line optionMichael Kerrisk1-0/+5
2019-02-10capabilities.7: Rework discussion of exec and UID 0, correcting a couple of d...Michael Kerrisk1-12/+26
2019-02-07capabilities.7: srcfixMichael Kerrisk1-0/+2
2018-11-17capabilities.7: Update URL for libcap tarballsMichael Kerrisk1-1/+1
2018-11-01capabilities.7: Minor fixes to Marcus Gelderie's patchMichael Kerrisk1-2/+5
2018-11-01capabilities.7: Mention header for SECBIT constantsMarcus Gelderie1-0/+2
2018-11-01capabilities.7: Correct the description of SECBIT_KEEP_CAPSMichael Kerrisk1-3/+2
2018-11-01capabilities.7: Minor tweaks to the text added by Marcus Gelderie's patchMichael Kerrisk1-3/+5
2018-11-01capabilities.7: Add details about SECBIT_KEEP_CAPSMarcus Gelderie1-0/+7
2018-09-29capabilities.7: Update URL for location of POSIX.1e draft standardMichael Kerrisk1-1/+1
2018-09-13capabilities.7: Ambient capabilities do not trigger secure-execution modeMichael Kerrisk1-0/+5
2018-08-03capabilities.7: tfixMichael Kerrisk1-1/+1
2018-07-02capabilities.7: Note that v3 security.attributes are transparently created/re...Michael Kerrisk1-2/+31
2018-07-01capabilities.7: Fix some imprecisions in discussion of namespaced file capabi...Michael Kerrisk1-9/+5
2018-07-01capabilities.7: wfixMichael Kerrisk1-3/+3
2018-07-01capabilities.7: wfixMichael Kerrisk1-4/+5
2018-07-01capabilities.7: srcfix: Removed FIXMEMichael Kerrisk1-3/+0
2018-06-24capabilities.7: wfixMichael Kerrisk1-1/+1
2018-05-02capabilities.7: tfixMichael Kerrisk1-1/+1
2018-05-02capabilities.7: ffixMichael Kerrisk1-1/+1
2018-05-01capabilities.7: ffixMichael Kerrisk1-4/+4
2018-05-01capabilities.7: Add background details on capability transformations during e...Michael Kerrisk1-1/+14
2018-05-01capabilities.7: Minor rewordingMichael Kerrisk1-1/+1
2018-05-01capabilities.7: Reorder text on capability bounding setMichael Kerrisk1-30/+30
2018-05-01capabilities.7: Rework bounding set as per-thread set in transformation rulesMichael Kerrisk1-6/+6
2018-05-01capabilities.7: Add text introducing bounding set along with other thread cap...Michael Kerrisk1-0/+12
2018-05-01capabilities.7: Clarify which capability sets capset(2) and capget(2) apply toMichael Kerrisk1-1/+2
2018-05-01capabilities.7: wfixMichael Kerrisk1-1/+1
2018-04-27capabilities.7: tfixJakub Wilk1-1/+1
2018-04-19capabilities.7: tfixMichael Kerrisk1-1/+1
2018-04-13capabilities.7: srcfix: FIXMEMichael Kerrisk1-0/+3
2018-04-13capabilities.7: Rework file capability versioning and namespaced file caps textMichael Kerrisk1-31/+54
2018-04-13capabilities.7: Explain when VFS_CAP_REVISION_3 file capabilities have effectMichael Kerrisk1-0/+7
2018-04-13capabilities.7: Explain rules that determine version of security.capability x...Michael Kerrisk1-0/+38
2018-04-13capabilities.7: Explain term "namespace root user ID"Michael Kerrisk1-1/+3
2018-04-13capabilities.7: Document namespaced-file capabilitiesMichael Kerrisk1-1/+47
2018-04-13capabilities.7: Describe file capability versioningMichael Kerrisk1-0/+34
2018-02-21capabilities.7: remove redundant mention of PTRACE_SECCOMP_GET_FILTERMichael Kerrisk1-5/+0
2018-02-02iconv.1, bpf.2, copy_file_range.2, fcntl.2, memfd_create.2, mlock.2, mount.2,...Michael Kerrisk1-1/+1
2018-01-13capabilities.7: spfixMichael Kerrisk1-1/+1
2017-12-16capabilities.7: Clarify effect of CAP_SETFCAPMichael Kerrisk1-1/+1
2017-12-05capabilities.7: Rephrase CAP_SETPCAP descriptionMichael Kerrisk1-11/+11
2017-12-03capabilities.7: SECBIT_KEEP_CAPS is ignored if SECBIT_NO_SETUID_FIXUP is setMichael Kerrisk1-0/+7
2017-12-03capabilities.7: wfixMichael Kerrisk1-1/+1
2017-12-03capabilities.7: Note which capability sets are affected by SECBIT_NO_SETUID_F...Michael Kerrisk1-1/+2
2017-12-02capabilities.7: Deemphasize the ancient prctl(2) PR_SET_KEEPCAPS commandMichael Kerrisk1-3/+0
2017-12-02capabilities.7: Minor wording fixMichael Kerrisk1-2/+3
2017-12-02capabilities.7: wfixMichael Kerrisk1-1/+1
2017-12-02capabilities.7: Clarify which capability sets are effected by SECBIT_KEEP_CAPSMichael Kerrisk1-2/+4
2017-12-02capabilities.7: wfixMichael Kerrisk1-5/+5
2017-12-02capabilities.7: Ambient set is also cleared when UIDs are set to nonzero valueMichael Kerrisk1-1/+1
2017-12-02capabilities.7: wfixMichael Kerrisk1-1/+1
2017-11-07capabilities.7: srcfix: FIXMEMichael Kerrisk1-0/+2
2017-11-07capabilities.7: srcfix: FIXMEMichael Kerrisk1-0/+1
2017-11-07capabilities.7: Add a reference to xattr(7) in the discussion of extended att...Michael Kerrisk1-1/+3
2017-09-25capabilities.7: SEE ALSO: add captest(8)Michael Kerrisk1-0/+1
2017-09-15iconv.1, ldd.1, locale.1, localedef.1, memusage.1, memusagestat.1, mtrace.1, ...Michael Kerrisk1-1/+1
2017-08-19execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, k...Michael Kerrisk1-4/+4
2017-08-12capabilities.7: ffixMichael Kerrisk1-26/+26
2017-08-12capabilities.7: srcfix: remove excess .RE tagMichael Kerrisk1-1/+0
2017-07-18capabilities.7: Note that a set-UID-root program may have an empty file capab...Michael Kerrisk1-0/+5
2017-07-18capabilities.7: Note semantics for a program that is set-UID-root and has cap...Michael Kerrisk1-0/+9
2017-07-13Changes, ldd.1, chown.2, epoll_wait.2, get_mempolicy.2, ioctl_getfsmap.2, mad...Michael Kerrisk1-1/+1
2017-07-05capabilities.7: Fix reversed descriptions of CAP_MAC_OVERRIDE and CAP_MAC_ADMINMichael Kerrisk1-2/+2
2017-05-08capabilities.7: SEE ALSO: add filecap(8), netcap(8), pscap(8)Michael Kerrisk1-0/+3
2017-05-04capabilities.7: Clarify the effect on process capabilities when UID 0 does ex...Michael Kerrisk1-6/+14
2017-05-04capabilities.7: Note effect on capabilities when a process with UID != 0 does...Michael Kerrisk1-0/+12
2017-05-04capabilities.7: wfixMichael Kerrisk1-1/+1
2017-01-30futex.2, open_by_handle_at.2, seccomp.2, socket.2, console_codes.4, protocols...Jakub Wilk1-1/+1
2017-01-26capabilities.7: Further enhance the recommendation against new uses of CAP_SY...Michael Kerrisk1-2/+6
2017-01-26capabilities.7: Explicitly point from CAP_SYS_ADMIN to "Notes for kernel deve...Michael Kerrisk1-0/+5
2017-01-25capabilities.7: Improvements after feedback from Casey SchauflerMichael Kerrisk1-7/+13
2017-01-25capabilities.7: Add subsection with notes to kernel developersMichael Kerrisk1-0/+42
2017-01-25capabilities.7: Adjust references to chattr(1) to point to ioctl_iflags(2)Michael Kerrisk1-3/+3
2017-01-25capabilities.7: srcfixMichael Kerrisk1-1/+0
2016-12-16capabilities.7: Document a new use of CAP_SYS_RESOURCEMichael Kerrisk1-0/+7
2016-12-16capabilities.7: tfixMichael Kerrisk1-1/+1
2016-12-16capabilities.7: Add another case for CAP_DAC_READ_SEARCHMichael Kerrisk1-1/+6
2016-12-15capabilities.7: Add some more operations governed by CAP_SYS_ADMINMichael Kerrisk1-1/+13
2016-12-15capabilities.7: Add a few more operations covered by CAP_SYS_ADMINMichael Kerrisk1-0/+8
2016-12-15capabilities.7: Refer to execve(2) for the reasons that file capabilities may...Michael Kerrisk1-8/+7
2016-12-15capabilities.7: ffixMichael Kerrisk1-4/+4
2016-12-12bind.2, chmod.2, chown.2, chroot.2, clock_getres.2, clone.2, connect.2, dup.2...Michael Kerrisk1-1/+1
2016-11-09capabilities.7: CAP_SYS_ADMIN allows privileged ioctl() operations on /dev/ra...Michael Kerrisk1-0/+7
2016-11-08capabilities.7: CAP_SYS_ADMIN governs ptrace(2) PTRACE_SECCOMP_GET_FILTERMichael Kerrisk1-0/+5
2016-10-29capabilities.7: srcfix: FIXME tidy-upMichael Kerrisk1-0/+1
2016-10-19capabilities.7: wfixMichael Kerrisk1-1/+1
2016-10-18capabilities.7: tfix + wfixMichael Kerrisk1-4/+30
2016-10-18capabilities.7: ffixMichael Kerrisk1-2/+2
2016-10-07getrusage.2, madvise.2, memfd_create.2, mlock.2, mount.2, getauxval.3, core.5...Michael Kerrisk1-3/+3
2016-09-20capabilities.7: SEE ALSO: add proc(5)Michael Kerrisk1-0/+1
2016-08-20capabilities.7: Minor tweaks to Matthew Saunders' patchMichael Kerrisk1-5/+7
2016-08-20capabilities.7: Add note about nosuid to file capabilities sectionMichael Kerrisk1-0/+7
2016-08-08capabilities.7: Fix order of SEE ALSO entriesMichael Kerrisk1-1/+1
2016-07-17ldd.1, localedef.1, add_key.2, chroot.2, clone.2, fork.2, futex.2, get_mempol...Michael Kerrisk1-1/+1
2016-07-07capabilities.7: Note on SECURE_NO_CAP_AMBIENT_RAISE for capabilities-only env...Michael Kerrisk1-0/+2
2016-07-07capabilities.7: Add a detail on use of securebitsMichael Kerrisk1-0/+1
2016-03-15Removed trailing white space at end of linesMichael Kerrisk1-1/+1
2016-03-15locale.1, localedef.1, _exit.2, accept.2, access.2, acct.2, adjtimex.2, bdflu...Michael Kerrisk1-1/+1
2016-03-10capabilities.7: wfixMichael Kerrisk1-1/+1
2016-03-10capabilities.7: Explain safety check for capability-dumb binariesMichael Kerrisk1-0/+36
2016-03-10capabilities.7: wfixMichael Kerrisk1-1/+1
2016-03-09capabilities.7: wfixMichael Kerrisk1-1/+1
2016-02-29capabilities.7: spfixJakub Wilk1-1/+1
2016-02-28capabilities.7: tfixJakub Wilk1-1/+1
2016-02-26capabilities.7: tfixMichael Kerrisk1-1/+1
2016-02-03membarrier.2, crypt.3, dladdr.3, duplocale.3, fmemopen.3, gethostbyname.3, ma...Michael Kerrisk1-1/+0
2015-12-05mremap.2, open.2, perf_event_open.2, prctl.2, ptrace.2, reboot.2, seccomp.2, ...Michael Kerrisk1-1/+1
2015-12-04capabilities.7: Various additions and reworkings for ambient capability textMichael Kerrisk1-11/+20
2015-12-04capabilities.7: srcfixMichael Kerrisk1-8/+10
2015-12-04capabilities.7: Document ambient capabilitiesAndy Lutomirski1-6/+34
2015-07-23capabilities.7: CAP_SYS_ADMIN allows calling bpf(2)Michael Kerrisk1-0/+3
2015-05-07add_key.2, chown.2, epoll_ctl.2, epoll_wait.2, execve.2, fcntl.2, get_mempoli...Michael Kerrisk1-1/+1
2015-04-22getxattr.2, listxattr.2, removexattr.2, setxattr.2, capabilities.7: Adjust "a...Michael Kerrisk1-1/+1
2015-04-21chown.2, execve.2, prctl.2, truncate.2, proc.5, capabilities.7, ld.so.8: Tigh...Michael Kerrisk1-1/+1
2015-03-22capabilities.7: tfixMichael Kerrisk1-1/+1
2015-03-22capabilities.7: tfixMichael Kerrisk1-1/+1
2015-03-22capabilities.7: tfixMichael Kerrisk1-1/+1
2015-02-21capabilities.7: Mention SECBIT_KEEP_CAPS as an alternative to prctl() PR_SET_...Michael Kerrisk1-1/+3
2015-02-21capabilities.7: srcfixMichael Kerrisk1-1/+3
2015-02-21capabilities.7: Minor tweaksMichael Kerrisk1-1/+4
2015-02-21capabilities.7: NOTES: add last kernel versions for obsolete optionsChris Mayo1-2/+2
2015-02-01kexec_load.2, personality.2, prctl.2, reboot.2, socket.2, fflush.3, getopt.3,...Michael Kerrisk1-1/+1
2015-02-01capabilities.7: SEE ALSO: add setpriv(1)Michael Kerrisk1-1/+1
2015-01-16capabilities.7: Minor improvement of detailMichael Kerrisk1-1/+1
2015-01-16capabilities.7: tfixMichael Kerrisk1-1/+1
generated by cgit 1.2.3-korg (git 2.43.0) at 2025-07-04 05:56:45 +0000