From 3b13efed75e67da9c4d501bedd77a30052afa7be Mon Sep 17 00:00:00 2001
From: Michael Kerrisk <mtk.manpages@gmail.com>
Date: Wed, 17 Jul 2019 04:19:01 +0200
Subject: [PATCH] capabilities.7: Add a note about using strace on binaries
 that have capabilities

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---
 man7/capabilities.7 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/man7/capabilities.7 b/man7/capabilities.7
index e9f46487aa..bdf36c9a40 100644
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -1671,6 +1671,20 @@ is based on the withdrawn POSIX.1e draft standard; see
 .UR https://archive.org\:/details\:/posix_1003.1e-990310
 .UE .
 .SH NOTES
+When attempting to
+.BR strace (1)
+binaries that have capabilities (or set-user-ID-root binaries),
+you may find the
+.I \-u <username>
+option useful.
+Something like:
+.PP
+.in +4n
+.EX
+$ \fBsudo strace \-o trace.log \-u ceci ./myprivprog\fP
+.EE
+.in
+.PP
 From kernel 2.5.27 to kernel 2.6.26,
 .\" commit 5915eb53861c5776cfec33ca4fcc1fd20d66dd27 removed
 .\" CONFIG_SECURITY_CAPABILITIES
-- 
2.39.2