author | Michael Kerrisk <mtk.manpages@gmail.com> | 2020-10-27 13:54:22 +0100 |
---|---|---|
committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2020-10-27 14:51:44 +0100 |
commit | 2fbfb575b83cb0ec6f6ceaaa8e097837c466b6aa (patch) | |
tree | c23d7a55180f25168c9f6dcc3b4d684259f9cd0d | |
parent | 045c5bde7715d11c16a60c808dc4fc7ead0e0fd1 (diff) | |

capabilities.7: Under CAP_SYS_ADMIN, group "sub-capabilities" together

CAP_BPF, CAP_PERFMON, and CAP_CHECKPOINT_RESTORE have all been
added to split out the power of CAP_SYS_ADMIN into weaker pieces.
Group all of these capabilities together in the list under
CAP_SYS_ADMIN, to make it clear that there is a pattern to these
capabilities.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

-rw-r--r-- | man7/capabilities.7 | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7 index 862f895465..6fecd5af84 100644 --- a/man7/capabilities.7 +++ b/man7/capabilities.7 @@ -415,6 +415,16 @@ access the same checkpoint/restore functionality that is governed by (but the latter, weaker capability is preferred for accessing that functionality). .IP * +perform the same BPF operations as are governed by +.BR CAP_BPF +(but the latter, weaker capability is preferred for accessing +that functionality). +.IP * +employ the same performance monitoring mechanisms as are governed by +.BR CAP_PERFMON +(but the latter, weaker capability is preferred for accessing +that functionality). +.IP * perform .B IPC_SET and @@ -463,9 +473,6 @@ and (but, since Linux 3.8, creating user namespaces does not require any capability); .IP * -employ various performance monitoring mechanisms (as for -.BR CAP_PERFMON ); -.IP * access privileged .I perf event information; @@ -481,10 +488,6 @@ namespace); call .BR fanotify_init (2); .IP * -perform various BPF operations; -see -.BR CAP_BPF ; -.IP * perform privileged .B KEYCTL_CHOWN and |
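
Review bot: in the first hunk (@@ -415,6 +415,16 @@), `.BR CAP_BPF` and `.BR CAP_PERFMON` are each given a single argument, so the alternating bold/roman macro has nothing to alternate with. `.B CAP_BPF` and `.B CAP_PERFMON` would say the same thing more directly, matching the `.B IPC_SET` line in the trailing context. The two added items also end in a full stop ("that functionality).") while items further down the same list end in semicolons ("information;"), so it is worth settling on one terminator for the whole list.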
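
Review bot: in the second hunk (@@ -463,9 +473,6 @@), the "employ various performance monitoring mechanisms" item is removed but the neighbouring item "access privileged perf event information;" stays where it was, so performance monitoring is now described in two separate places in the CAP_SYS_ADMIN list. If that remaining item is also reachable with CAP_PERFMON, it should move up next to the new grouped item or gain the same "weaker capability is preferred" wording. If it is not, a short remark saying so would keep a reader scoping a least-privilege capability set from assuming CAP_PERFMON covers it.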
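
Review bot: in the third hunk (@@ -481,10 +488,6 @@), the removed text "perform various BPF operations; see CAP_BPF" is not just relocated. Its replacement in the first hunk reads "perform the same BPF operations as are governed by CAP_BPF" and adds the recommendation that the weaker capability is preferred. The commit message describes only a regrouping, so it should also mention the change from "various" to "the same" and the added guidance, since that wording is what readers will rely on when deciding whether CAP_SYS_ADMIN can be dropped in favour of CAP_BPF.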