]>
git.ipfire.org Git - thirdparty/man-pages.git/commit
capabilities.7: srcfix: Removed FIXME
No credential match of file UID and namespace creator UID
is needed to create a v3 security extended attribute.
Verified by experiment using my userns_child_exec.c and
show_creds.c programs (available on http://man7.org/tlpi/code):
$ sudo setcap cap_setuid,cap_dac_override=pe \
./userns_child_exec
$ ./userns_child_exec -U -r setcap cap_kill=pe show_creds
$ ./userns_child_exec -U -M '0 1000 10' -G '0 1000 1' \
-s 1 ./show_creds
eUID = 1; eGID = 0; capabilities: = cap_kill+ep
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>