Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
.BR AT_SECURE
Has a nonzero value if this executable should be treated securely.
Most commonly, a nonzero value indicates that the process is
-executing a set-user-ID or set-group-ID binary,
-or a binary file that has capabilities (see
+executing a set-user-ID or set-group-ID binary
+(so that it's real and effective UIDs or GIDs differ from one another),
+or that it gained capabilities by executing
+a binary file that has capabilities (see
.BR capabilities (7)).
Alternatively,
a nonzero value may be triggered by a Linux Security Module.