capabilities.7: Document the 'no_file_caps' kernel command-line option

author Michael Kerrisk <mtk.manpages@gmail.com>

Tue, 12 Feb 2019 09:15:35 +0000 (10:15 +0100)

committer Michael Kerrisk <mtk.manpages@gmail.com>

Sat, 23 Feb 2019 21:03:20 +0000 (22:03 +0100)
author Michael Kerrisk <mtk.manpages@gmail.com>
Tue, 12 Feb 2019 09:15:35 +0000 (10:15 +0100)
committer Michael Kerrisk <mtk.manpages@gmail.com>
Sat, 23 Feb 2019 21:03:20 +0000 (22:03 +0100)
diff --git a/man7/capabilities.7 b/man7/capabilities.7

index 2a6a0f07934170ea9b5f870bcb95404e7cb0f92b..44b6d60792c19335d501a27a4dda04c72e9d9163 100644 (file)
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -1134,6 +1134,11 @@ the capability transitions described above may
  be performed (i.e., file capabilities may be ignored) for the same reasons
  that the set-user-ID and set-group-ID bits are ignored; see
  .BR execve (2).
+.IR Note :
+if the kernel was booted with the
+.I no_file_caps
+option, then file capabilities are ignored (treated as empty)
+during the capability transitions described above.
  .PP
  .IR Note :
  according to the rules above,
author	Michael Kerrisk <mtk.manpages@gmail.com>
	Tue, 12 Feb 2019 09:15:35 +0000 (10:15 +0100)
committer	Michael Kerrisk <mtk.manpages@gmail.com>
	Sat, 23 Feb 2019 21:03:20 +0000 (22:03 +0100)