author | Andrew G. Morgan <morgan@kernel.org> | 2021-09-07 10:47:45 -0700 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2021-09-07 10:47:45 -0700 |
commit | 8434c10a690f3352ff5d8cb011859502718a60b7 (patch) | |
tree | 0984bdf323e0d94e8a58b2611c90cf75569b202e /progs | |
parent | 8b3ffc23b6cbe42d2eac5a3c0d970fd26472a246 (diff) | |
download | libcap2-8434c10a690f3352ff5d8cb011859502718a60b7.tar.gz |
Be more systematic about POSIX.1e value group names
cap.Set's have Flag component Values
cap.IAB's have Vector component Values
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'progs')
-rw-r--r-- | progs/capshdoc.h | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/progs/capshdoc.h b/progs/capshdoc.h index c182144..2ac6ecb 100644 --- a/progs/capshdoc.h +++ b/progs/capshdoc.h 
@@ -64,24 +64,29 @@ static const char *explanation7[] = { /* cap_setuid = 7 */ }; static const char *explanation8[] = { /* cap_setpcap = 8 */ "Allows a process to freely manipulate its inheritable", - "capabilities. Linux supports the POSIX.1e Inheritable", - "set, as well as Bounding and Ambient Linux extension", - "vectors. This capability permits dropping bits from the", - "Bounding vector. It also permits the process to raise", - "Ambient vector bits that are both raised in the", - "Permitted and Inheritable sets of the process. This", - "capability cannot be used to raise Permitted bits, or", - "Effective bits beyond those already present in the", - "process' permitted set.", + "capabilities.", "", - "[Historical note: prior to the advent of file", - "capabilities (2008), this capability was suppressed by", - "default, as its unsuppressed behavior was not", - "auditable: it could asynchronously grant its own", - "Permitted capabilities to and remove capabilities from", - "other processes arbitrarily. The former leads to", - "undefined behavior, and the latter is better served by", - "the kill system call.]", + "Linux supports the POSIX.1e Inheritable set, the POXIX.1e (X", + "vector) known in Linux as the Bounding vector, as well as", + "the Linux extension Ambient vector.", + "", + "This capability permits dropping bits from the Bounding", + "vector (ie. raising B bits in the libcap IAB", + "representation). It also permits the process to raise", + "Ambient vector bits that are both raised in the Permitted", + "and Inheritable sets of the process. 
This capability cannot", + "be used to raise Permitted bits, Effective bits beyond those", + "already present in the process' permitted set, or", + "Inheritable bits beyond those present in the Bounding", + "vector.", + "", + "[Historical note: prior to the advent of file capabilities", + "(2008), this capability was suppressed by default, as its", + "unsuppressed behavior was not auditable: it could", + "asynchronously grant its own Permitted capabilities to and", + "remove capabilities from other processes arbitrarily. The", + "former leads to undefined behavior, and the latter is better", + "served by the kill system call.]", NULL }; static const char *explanation9[] = { /* cap_linux_immutable = 9 */ |
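Review bot: The added second paragraph of explanation8 (cap_setpcap) misspells POSIX.1e as "POXIX.1e" in the line "Linux supports the POSIX.1e Inheritable set, the POXIX.1e (X"; it should read "the POSIX.1e (X". The parenthetical in that sentence is also hard to parse, because "(X" and "vector)" land in two separate string literals and the noun it qualifies is missing; something like "the POSIX.1e X vector (known in Linux as the Bounding vector)" reads more cleanly. In the third paragraph, "(ie. raising B bits in the libcap IAB" should use "i.e.", and because dropping a Bounding bit is described as raising a B bit, one explicit sentence saying that the B component of IAB is stored in the inverted sense would save readers from taking it as a contradiction.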