Manual pages: cap_from_text.3: Clarify a detail of cap_from_text() action list

The fact that the action list of a cap_from_text() clause can include
multiple operator-flag pairs is a little hidden in this page. Make it
clearer by separating this information out into a separate paragraph and
showing an example of the equivalence to multple clauses.

Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>

1 files changed, 10 insertions, 3 deletions

diff --git a/doc/cap_from_text.3 b/doc/cap_from_text.3
index e59ca59..9f4c50b 100644
--- a/doc/cap_from_text.3
+++ b/doc/cap_from_text.3
@@ -139,9 +139,16 @@ capability list and one or more explicit trailing flags.  The `+'
 operator will raise all of the listed capabilities in the flagged
 capability sets.  The `\-' operator will lower all of the listed
 capabilities in the flagged capability sets.  For example:
-"all+p" will raise all of the Permitted capabilities; "cap_fowner+p\-i"
-will raise the override-file-ownership capability in the Permitted
-capability set and lower this Inheritable capability;
+"all+p" will raise all of the Permitted capabilities and
+"cap_fowner\-i" will lower the override-file-ownership in the Inheritable set.
+.PP
+The action list can consist of multiple
+.I operator flag
+pairs; the actions are performed in left-to-right order.
+Thus, for example,
+"cap_fowner+p\-i"
+is equivalent to "cap_fowner+p cap_fowner\-i".
+As another example,
 "cap_fowner+pe\-i" and "cap_fowner=+pe" are equivalent.
 .SH "RETURN VALUE"
 .BR cap_from_text (),