You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44 lines
1.6 KiB
44 lines
1.6 KiB
Allows a process to perform a somewhat arbitrary
|
|
grab-bag of privileged operations. Over time, this
|
|
capability should weaken as specific capabilities are
|
|
created for subsets of CAP_SYS_ADMINs functionality:
|
|
- configuration of the secure attention key
|
|
- administration of the random device
|
|
- examination and configuration of disk quotas
|
|
- setting the domainname
|
|
- setting the hostname
|
|
- calling bdflush()
|
|
- mount() and umount(), setting up new SMB connection
|
|
- some autofs root ioctls
|
|
- nfsservctl
|
|
- VM86_REQUEST_IRQ
|
|
- to read/write pci config on alpha
|
|
- irix_prctl on mips (setstacksize)
|
|
- flushing all cache on m68k (sys_cacheflush)
|
|
- removing semaphores
|
|
- Used instead of CAP_CHOWN to "chown" IPC message
|
|
queues, semaphores and shared memory
|
|
- locking/unlocking of shared memory segment
|
|
- turning swap on/off
|
|
- forged pids on socket credentials passing
|
|
- setting readahead and flushing buffers on block
|
|
devices
|
|
- setting geometry in floppy driver
|
|
- turning DMA on/off in xd driver
|
|
- administration of md devices (mostly the above, but
|
|
some extra ioctls)
|
|
- tuning the ide driver
|
|
- access to the nvram device
|
|
- administration of apm_bios, serial and bttv (TV)
|
|
device
|
|
- manufacturer commands in isdn CAPI support driver
|
|
- reading non-standardized portions of PCI
|
|
configuration space
|
|
- DDI debug ioctl on sbpcd driver
|
|
- setting up serial ports
|
|
- sending raw qic-117 commands
|
|
- enabling/disabling tagged queuing on SCSI
|
|
controllers and sending arbitrary SCSI commands
|
|
- setting encryption key on loopback filesystem
|
|
- setting zone reclaim policy
|