The inheritable set is used only for calculating the new capability sets after exec().
Until now, we have asserted the desired capabilities in the permitted set but not the inheritable set.
The file inheritable set specifies which of the process's inheritable capabilities can be in the process's new permitted set.
The file inheritable set is the set that can be inherited from the parent process's inheritable set into its new permitted set.
For a process to keep any capabilities after executing a file, the capabilities must be in the file's permitted or inheritable set.
If only cap_dac_override is in the file inheritable set, then only that capability can be inherited into the process's new permitted set.
The new permitted set is taken as a union of the file's permitted set and the result of intersecting the file's and process's inheritable sets.
If a non-root user runs this program while running with full capabilities, its inheritable set pI is first masked against fI so it is reduced to just cap_sys_admin.
The capability types represent inheritable and permitted sets, respectively, and separate capability lists can be specified for each set.