You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 lines
879 B
20 lines
879 B
Allows a process to freely manipulate its inheritable
|
|
capabilities. Linux supports the POSIX.1e Inheritable
|
|
set, as well as Bounding and Ambient Linux extension
|
|
vectors. This capability permits dropping bits from the
|
|
Bounding vector. It also permits the process to raise
|
|
Ambient vector bits that are both raised in the
|
|
Permitted and Inheritable sets of the process. This
|
|
capability cannot be used to raise Permitted bits, or
|
|
Effective bits beyond those already present in the
|
|
process' permitted set.
|
|
|
|
[Historical note: prior to the advent of file
|
|
capabilities (2008), this capability was suppressed by
|
|
default, as its unsuppressed behavior was not
|
|
auditable: it could asynchronously grant its own
|
|
Permitted capabilities to and remove capabilities from
|
|
other processes arbitraily. The former leads to
|
|
undefined behavior, and the latter is better served by
|
|
the kill system call.]
|