1CAPABILITIES(7)            Linux Programmer's Manual           CAPABILITIES(7)
2
3
4

NAME

6       capabilities - overview of Linux capabilities
7

DESCRIPTION

9       For  the  purpose  of  performing  permission  checks, traditional Unix
10       implementations distinguish two  categories  of  processes:  privileged
11       processes  (whose  effective  user ID is 0, referred to as superuser or
12       root), and unprivileged processes (whose  effective  UID  is  nonzero).
13       Privileged processes bypass all kernel permission checks, while unpriv‐
14       ileged processes are subject to full permission checking based  on  the
15       process's  credentials (usually: effective UID, effective GID, and sup‐
16       plementary group list).
17
18       Starting with kernel 2.2, Linux divides  the  privileges  traditionally
19       associated  with  superuser into distinct units, known as capabilities,
20       which can be independently enabled and disabled.   Capabilities  are  a
21       per-thread attribute.
22
23   Capabilities List
24       The following list shows the capabilities implemented on Linux, and the
25       operations or behaviors that each capability permits:
26
27       CAP_AUDIT_CONTROL (since Linux 2.6.11)
28              Enable and  disable  kernel  auditing;  change  auditing  filter
29              rules; retrieve auditing status and filtering rules.
30
31       CAP_AUDIT_WRITE (since Linux 2.6.11)
32              Write records to kernel auditing log.
33
34       CAP_CHOWN
35              Make arbitrary changes to file UIDs and GIDs (see chown(2)).
36
37       CAP_DAC_OVERRIDE
38              Bypass file read, write, and execute permission checks.  (DAC is
39              an abbreviation of "discretionary access control".)
40
41       CAP_DAC_READ_SEARCH
42              Bypass file read permission checks and directory read  and  exe‐
43              cute permission checks.
44
45       CAP_FOWNER
46              * Bypass  permission  checks on operations that normally require
47                the file system UID of the process to match  the  UID  of  the
48                file  (e.g.,  chmod(2),  utime(2)), excluding those operations
49                covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH;
50              * set extended file  attributes  (see  chattr(1))  on  arbitrary
51                files;
52              * set Access Control Lists (ACLs) on arbitrary files;
53              * ignore directory sticky bit on file deletion;
54              * specify O_NOATIME for arbitrary files in open(2) and fcntl(2).
55
56       CAP_FSETID
57              Don't  clear set-user-ID and set-group-ID permission bits when a
58              file is modified; set the set-group-ID bit for a file whose  GID
59              does  not match the file system or any of the supplementary GIDs
60              of the calling process.
61
62       CAP_IPC_LOCK
63              Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).
64
65       CAP_IPC_OWNER
66              Bypass permission checks for operations on System V IPC objects.
67
68       CAP_KILL
69              Bypass permission checks  for  sending  signals  (see  kill(2)).
70              This includes use of the ioctl(2) KDSIGACCEPT operation.
71
72       CAP_LEASE (since Linux 2.4)
73              Establish leases on arbitrary files (see fcntl(2)).
74
75       CAP_LINUX_IMMUTABLE
76              Set  the  FS_APPEND_FL  and  FS_IMMUTABLE_FL  i-node  flags (see
77              chattr(1)).
78
79       CAP_MAC_ADMIN (since Linux 2.6.25)
80              Override Mandatory Access Control (MAC).   Implemented  for  the
81              Smack Linux Security Module (LSM).
82
83       CAP_MAC_OVERRIDE (since Linux 2.6.25)
84              Allow  MAC  configuration or state changes.  Implemented for the
85              Smack LSM.
86
87       CAP_MKNOD (since Linux 2.4)
88              Create special files using mknod(2).
89
90       CAP_NET_ADMIN
91              Perform various network-related operations (e.g., setting privi‐
92              leged  socket options, enabling multicasting, interface configu‐
93              ration, modifying routing tables).
94
95       CAP_NET_BIND_SERVICE
96              Bind a socket to Internet domain privileged ports (port  numbers
97              less than 1024).
98
99       CAP_NET_BROADCAST
100              (Unused)  Make socket broadcasts, and listen to multicasts.
101
102       CAP_NET_RAW
103              Use RAW and PACKET sockets.
104
105       CAP_SETGID
106              Make  arbitrary  manipulations of process GIDs and supplementary
107              GID list; forge GID when passing  socket  credentials  via  Unix
108              domain sockets.
109
110       CAP_SETFCAP (since Linux 2.6.24)
111              Set file capabilities.
112
113       CAP_SETPCAP
114              If  file  capabilities  are  not  supported: grant or remove any
115              capability in the caller's permitted capability set to  or  from
116              any  other process.  (This property of CAP_SETPCAP is not avail‐
117              able when the kernel is configured to support file capabilities,
118              since CAP_SETPCAP has entirely different semantics for such ker‐
119              nels.)
120
121              If file capabilities are supported: add any capability from  the
122              calling thread's bounding set to its inheritable set; drop capa‐
123              bilities from the bounding set (via  prctl(2)  PR_CAPBSET_DROP);
124              make changes to the securebits flags.
125
126       CAP_SETUID
127              Make   arbitrary   manipulations  of  process  UIDs  (setuid(2),
128              setreuid(2), setresuid(2), setfsuid(2)); make  forged  UID  when
129              passing socket credentials via Unix domain sockets.
130
131       CAP_SYS_ADMIN
132              * Perform a range of system administration operations including:
133                quotactl(2),  mount(2),  umount(2),   swapon(2),   swapoff(2),
134                sethostname(2), and setdomainname(2);
135              * perform  IPC_SET and IPC_RMID operations on arbitrary System V
136                IPC objects;
137              * perform operations on trusted and security Extended Attributes
138                (see attr(5));
139              * use lookup_dcookie(2);
140              * use  ioprio_set(2) to assign IOPRIO_CLASS_RT and (before Linux
141                2.6.25) IOPRIO_CLASS_IDLE I/O scheduling classes;
142              * forge UID when passing socket credentials;
143              * exceed /proc/sys/fs/file-max, the  system-wide  limit  on  the
144                number  of  open files, in system calls that open files (e.g.,
145                accept(2), execve(2), open(2), pipe(2));
146              * employ CLONE_NEWNS flag with clone(2) and unshare(2);
147              * perform KEYCTL_CHOWN and KEYCTL_SETPERM keyctl(2) operations;
148              * perform madvise(2) MADV_HWPOISON operation.
149
150       CAP_SYS_BOOT
151              Use reboot(2) and kexec_load(2).
152
153       CAP_SYS_CHROOT
154              Use chroot(2).
155
156       CAP_SYS_MODULE
157              Load  and  unload  kernel  modules   (see   init_module(2)   and
158              delete_module(2));  in  kernels before 2.6.25: drop capabilities
159              from the system-wide capability bounding set.
160
161       CAP_SYS_NICE
162              * Raise process nice value (nice(2), setpriority(2)) and  change
163                the nice value for arbitrary processes;
164              * set real-time scheduling policies for calling process, and set
165                scheduling policies and  priorities  for  arbitrary  processes
166                (sched_setscheduler(2), sched_setparam(2));
167              * set  CPU  affinity  for  arbitrary  processes (sched_setaffin‐
168                ity(2));
169              * set I/O scheduling class and priority for arbitrary  processes
170                (ioprio_set(2));
171              * apply  migrate_pages(2)  to arbitrary processes and allow pro‐
172                cesses to be migrated to arbitrary nodes;
173              * apply move_pages(2) to arbitrary processes;
174              * use the MPOL_MF_MOVE_ALL flag with mbind(2) and move_pages(2).
175
176       CAP_SYS_PACCT
177              Use acct(2).
178
179       CAP_SYS_PTRACE
180              Trace    arbitrary    processes    using    ptrace(2);     apply
181              get_robust_list(2) to arbitrary processes.
182
183       CAP_SYS_RAWIO
184              Perform  I/O  port  operations  (iopl(2)  and ioperm(2)); access
185              /proc/kcore.
186
187       CAP_SYS_RESOURCE
188              * Use reserved space on ext2 file systems;
189              * make ioctl(2) calls controlling ext3 journaling;
190              * override disk quota limits;
191              * increase resource limits (see setrlimit(2));
192              * override RLIMIT_NPROC resource limit;
193              * raise msg_qbytes limit for a System V message queue above  the
194                limit in /proc/sys/kernel/msgmnb (see msgop(2) and msgctl(2)).
195              * use  F_SETPIPE_SZ to increase the capacity of a pipe above the
196                limit specified by /proc/sys/fs/pipe-max-size.
197
198       CAP_SYS_TIME
199              Set system clock (settimeofday(2), stime(2),  adjtimex(2));  set
200              real-time (hardware) clock.
201
202       CAP_SYS_TTY_CONFIG
203              Use vhangup(2).
204
205   Past and Current Implementation
206       A full implementation of capabilities requires that:
207
208       1. For  all  privileged  operations,  the kernel must check whether the
209          thread has the required capability in its effective set.
210
211       2. The kernel must provide system calls allowing a thread's  capability
212          sets to be changed and retrieved.
213
214       3. The file system must support attaching capabilities to an executable
215          file, so that a process gains those capabilities when  the  file  is
216          executed.
217
218       Before kernel 2.6.24, only the first two of these requirements are met;
219       since kernel 2.6.24, all three requirements are met.
220
221   Thread Capability Sets
222       Each thread has three capability sets containing zero or  more  of  the
223       above capabilities:
224
225       Permitted:
226              This  is a limiting superset for the effective capabilities that
227              the thread may assume.  It is also a limiting superset  for  the
228              capabilities  that  may  be  added  to  the inheritable set by a
229              thread that does not have  the  CAP_SETPCAP  capability  in  its
230              effective set.
231
232              If  a  thread  drops a capability from its permitted set, it can
233              never reacquire that capability (unless it execve(2)s  either  a
234              set-user-ID-root  program,  or  a  program whose associated file
235              capabilities grant that capability).
236
237       Inheritable:
238              This is a set of capabilities preserved across an execve(2).  It
239              provides a mechanism for a process to assign capabilities to the
240              permitted set of the new program during an execve(2).
241
242       Effective:
243              This is the set of capabilities used by the  kernel  to  perform
244              permission checks for the thread.
245
246       A  child created via fork(2) inherits copies of its parent's capability
247       sets.  See below for a discussion of the treatment of capabilities dur‐
248       ing execve(2).
249
250       Using  capset(2),  a thread may manipulate its own capability sets (see
251       below).
252
253   File Capabilities
254       Since kernel 2.6.24, the kernel supports  associating  capability  sets
255       with  an executable file using setcap(8).  The file capability sets are
256       stored in an extended attribute (see setxattr(2)) named  security.capa‐
257       bility.   Writing  to  this extended attribute requires the CAP_SETFCAP
258       capability.  The file capability sets, in conjunction with the capabil‐
259       ity sets of the thread, determine the capabilities of a thread after an
260       execve(2).
261
262       The three file capability sets are:
263
264       Permitted (formerly known as forced):
265              These capabilities are automatically permitted  to  the  thread,
266              regardless of the thread's inheritable capabilities.
267
268       Inheritable (formerly known as allowed):
269              This set is ANDed with the thread's inheritable set to determine
270              which inheritable capabilities are enabled in the permitted  set
271              of the thread after the execve(2).
272
273       Effective:
274              This is not a set, but rather just a single bit.  If this bit is
275              set, then during an execve(2) all of the new permitted capabili‐
276              ties  for  the  thread are also raised in the effective set.  If
277              this bit is not set, then after an execve(2), none  of  the  new
278              permitted capabilities is in the new effective set.
279
280              Enabling the file effective capability bit implies that any file
281              permitted or inheritable capability  that  causes  a  thread  to
282              acquire   the   corresponding  permitted  capability  during  an
283              execve(2) (see the transformation rules  described  below)  will
284              also  acquire  that capability in its effective set.  Therefore,
285              when   assigning   capabilities   to    a    file    (setcap(8),
286              cap_set_file(3),  cap_set_fd(3)),  if  we  specify the effective
287              flag as being enabled for any  capability,  then  the  effective
288              flag  must  also be specified as enabled for all other capabili‐
289              ties for which the corresponding permitted or inheritable  flags
290              is enabled.
291
292   Transformation of Capabilities During execve()
293       During  an execve(2), the kernel calculates the new capabilities of the
294       process using the following algorithm:
295
296           P'(permitted) = (P(inheritable) & F(inheritable)) |
297                           (F(permitted) & cap_bset)
298
299           P'(effective) = F(effective) ? P'(permitted) : 0
300
301           P'(inheritable) = P(inheritable)    [i.e., unchanged]
302
303       where:
304
305           P         denotes the value of a thread capability set  before  the
306                     execve(2)
307
308           P'        denotes the value of a capability set after the execve(2)
309
310           F         denotes a file capability set
311
312           cap_bset  is  the  value  of the capability bounding set (described
313                     below).
314
315   Capabilities and execution of programs by root
316       In order to provide an all-powerful root using capability sets,  during
317       an execve(2):
318
319       1. If a set-user-ID-root program is being executed, or the real user ID
320          of the process is 0 (root) then the file inheritable  and  permitted
321          sets are defined to be all ones (i.e., all capabilities enabled).
322
323       2. If  a  set-user-ID-root  program  is  being  executed, then the file
324          effective bit is defined to be one (enabled).
325
326       The upshot of the above rules, combined with the capabilities transfor‐
327       mations  described above, is that when a process execve(2)s a set-user-
328       ID-root program,  or  when  a  process  with  an  effective  UID  of  0
329       execve(2)s  a  program,  it gains all capabilities in its permitted and
330       effective capability sets, except those masked out  by  the  capability
331       bounding  set.  This provides semantics that are the same as those pro‐
332       vided by traditional Unix systems.
333
334   Capability bounding set
335       The capability bounding set is a security mechanism that can be used to
336       limit  the  capabilities  that  can be gained during an execve(2).  The
337       bounding set is used in the following ways:
338
339       * During an execve(2), the capability bounding set is  ANDed  with  the
340         file  permitted  capability  set, and the result of this operation is
341         assigned to the thread's permitted capability  set.   The  capability
342         bounding  set  thus places a limit on the permitted capabilities that
343         may be granted by an executable file.
344
345       * (Since Linux 2.6.25) The capability bounding set acts as  a  limiting
346         superset  for the capabilities that a thread can add to its inherita‐
347         ble set using capset(2).  This means that if a capability is  not  in
348         the  bounding  set,  then  a  thread can't add this capability to its
349         inheritable set, even if it was in its  permitted  capabilities,  and
350         thereby  cannot  have  this capability preserved in its permitted set
351         when it execve(2)s a file that has the capability in its  inheritable
352         set.
353
354       Note  that  the bounding set masks the file permitted capabilities, but
355       not the inherited capabilities.  If a thread maintains a capability  in
356       its  inherited  set  that is not in its bounding set, then it can still
357       gain that capability in its permitted set by executing a file that  has
358       the capability in its inherited set.
359
360       Depending  on the kernel version, the capability bounding set is either
361       a system-wide attribute, or a per-process attribute.
362
363       Capability bounding set prior to Linux 2.6.25
364
365       In kernels before 2.6.25, the capability bounding set is a  system-wide
366       attribute  that affects all threads on the system.  The bounding set is
367       accessible via the file /proc/sys/kernel/cap-bound.  (Confusingly, this
368       bit  mask  parameter  is  expressed  as  a  signed  decimal  number  in
369       /proc/sys/kernel/cap-bound.)
370
371       Only the init process may set capabilities in the  capability  bounding
372       set;  other than that, the superuser (more precisely: programs with the
373       CAP_SYS_MODULE capability) may only clear capabilities from this set.
374
375       On a standard system the capability bounding set always masks  out  the
376       CAP_SETPCAP  capability.  To remove this restriction (dangerous!), mod‐
377       ify the definition of  CAP_INIT_EFF_SET  in  include/linux/capability.h
378       and rebuild the kernel.
379
380       The  system-wide  capability  bounding  set  feature was added to Linux
381       starting with kernel version 2.2.11.
382
383       Capability bounding set from Linux 2.6.25 onwards
384
385       From  Linux  2.6.25,  the  capability  bounding  set  is  a  per-thread
386       attribute.  (There is no longer a system-wide capability bounding set.)
387
388       The  bounding set is inherited at fork(2) from the thread's parent, and
389       is preserved across an execve(2).
390
391       A thread may remove capabilities from its capability bounding set using
392       the prctl(2) PR_CAPBSET_DROP operation, provided it has the CAP_SETPCAP
393       capability.  Once a capability has been dropped from the bounding  set,
394       it  cannot  be restored to that set.  A thread can determine if a capa‐
395       bility is in its bounding set using the prctl(2) PR_CAPBSET_READ opera‐
396       tion.
397
398       Removing  capabilities  from the bounding set is only supported if file
399       capabilities are compiled into the  kernel  (CONFIG_SECURITY_FILE_CAPA‐
400       BILITIES).   In  that  case, the init process (the ancestor of all pro‐
401       cesses) begins with a full bounding set.  If file capabilities are  not
402       compiled  into  the  kernel,  then init begins with a full bounding set
403       minus CAP_SETPCAP, because this capability has a different meaning when
404       there are no file capabilities.
405
406       Removing a capability from the bounding set does not remove it from the
407       thread's inherited set.  However it does prevent  the  capability  from
408       being added back into the thread's inherited set in the future.
409
410   Effect of User ID Changes on Capabilities
411       To  preserve  the  traditional  semantics for transitions between 0 and
412       nonzero user IDs, the kernel makes the following changes to a  thread's
413       capability  sets on changes to the thread's real, effective, saved set,
414       and file system user IDs (using setuid(2), setresuid(2), or similar):
415
416       1. If one or more of the real, effective or saved set user IDs was pre‐
417          viously  0, and as a result of the UID changes all of these IDs have
418          a nonzero value, then all capabilities are cleared from the  permit‐
419          ted and effective capability sets.
420
421       2. If  the  effective  user  ID  is changed from 0 to nonzero, then all
422          capabilities are cleared from the effective set.
423
424       3. If the effective user ID is changed from nonzero to 0, then the per‐
425          mitted set is copied to the effective set.
426
427       4. If  the  file system user ID is changed from 0 to nonzero (see setf‐
428          suid(2)) then the following capabilities are cleared from the effec‐
429          tive    set:   CAP_CHOWN,   CAP_DAC_OVERRIDE,   CAP_DAC_READ_SEARCH,
430          CAP_FOWNER, CAP_FSETID, CAP_LINUX_IMMUTABLE  (since  Linux  2.2.30),
431          CAP_MAC_OVERRIDE,  and  CAP_MKNOD (since Linux 2.2.30).  If the file
432          system UID is changed from nonzero to 0, then any of these capabili‐
433          ties that are enabled in the permitted set are enabled in the effec‐
434          tive set.
435
436       If a thread that has a 0 value for one or more of its user IDs wants to
437       prevent  its  permitted capability set being cleared when it resets all
438       of its user IDs to nonzero values, it can  do  so  using  the  prctl(2)
439       PR_SET_KEEPCAPS operation.
440
441   Programmatically adjusting capability sets
442       A  thread  can  retrieve  and  change  its  capability  sets  using the
443       capget(2)  and  capset(2)  system   calls.    However,   the   use   of
444       cap_get_proc(3)  and cap_set_proc(3), both provided in the libcap pack‐
445       age, is preferred for this purpose.  The following rules govern changes
446       to the thread capability sets:
447
448       1. If  the  caller  does  not  have the CAP_SETPCAP capability, the new
449          inheritable set must be a subset of the combination of the  existing
450          inheritable and permitted sets.
451
452       2. (Since  kernel  2.6.25)  The new inheritable set must be a subset of
453          the combination of the existing inheritable set and  the  capability
454          bounding set.
455
456       3. The new permitted set must be a subset of the existing permitted set
457          (i.e., it is not possible to acquire permitted capabilities that the
458          thread does not currently have).
459
460       4. The new effective set must be a subset of the new permitted set.
461
462   The "securebits" flags: establishing a capabilities-only environment
463       Starting  with kernel 2.6.26, and with a kernel in which file capabili‐
464       ties are enabled, Linux implements a set of per-thread securebits flags
465       that  can be used to disable special handling of capabilities for UID 0
466       (root).  These flags are as follows:
467
468       SECBIT_KEEP_CAPS
469              Setting this flag allows a thread that has one or more 0 UIDs to
470              retain  its  capabilities  when it switches all of its UIDs to a
471              nonzero value.  If this flag is not set, then such a UID  switch
472              causes the thread to lose all capabilities.  This flag is always
473              cleared on an execve(2).  (This flag provides the same function‐
474              ality as the older prctl(2) PR_SET_KEEPCAPS operation.)
475
476       SECBIT_NO_SETUID_FIXUP
477              Setting  this  flag  stops the kernel from adjusting  capability
478              sets when the threads's  effective  and  file  system  UIDs  are
479              switched  between  zero and nonzero values.  (See the subsection
480              Effect of User ID Changes on Capabilities.)
481
482       SECBIT_NOROOT
483              If this bit is set, then the kernel does not grant  capabilities
484              when  a  set-user-ID-root program is executed, or when a process
485              with an effective or real UID of 0 calls  execve(2).   (See  the
486              subsection Capabilities and execution of programs by root.)
487
488       Each  of the above "base" flags has a companion "locked" flag.  Setting
489       any of the "locked" flags is irreversible, and has the effect  of  pre‐
490       venting  further  changes to the corresponding "base" flag.  The locked
491       flags are: SECBIT_KEEP_CAPS_LOCKED, SECBIT_NO_SETUID_FIXUP_LOCKED,  and
492       SECBIT_NOROOT_LOCKED.
493
494       The  securebits  flags can be modified and retrieved using the prctl(2)
495       PR_SET_SECUREBITS and PR_GET_SECUREBITS  operations.   The  CAP_SETPCAP
496       capability is required to modify the flags.
497
498       The  securebits  flags  are  inherited  by  child processes.  During an
499       execve(2), all of the  flags  are  preserved,  except  SECURE_KEEP_CAPS
500       which is always cleared.
501
502       An  application  can  use the following call to lock itself, and all of
503       its descendants, into an environment where  the  only  way  of  gaining
504       capabilities  is  by executing a program with associated file capabili‐
505       ties:
506
507           prctl(PR_SET_SECUREBITS,
508                   SECBIT_KEEP_CAPS_LOCKED |
509                   SECBIT_NO_SETUID_FIXUP |
510                   SECBIT_NO_SETUID_FIXUP_LOCKED |
511                   SECBIT_NOROOT |
512                   SECBIT_NOROOT_LOCKED);
513

CONFORMING TO

515       No standards govern capabilities, but the Linux capability  implementa‐
516       tion   is   based   on  the  withdrawn  POSIX.1e  draft  standard;  see
517       http://wt.xpilot.org/publications/posix.1e/.
518

NOTES

520       Since kernel 2.5.27, capabilities are an optional kernel component, and
521       can  be  enabled/disabled  via  the CONFIG_SECURITY_CAPABILITIES kernel
522       configuration option.
523
524       The /proc/PID/task/TID/status file can be used to view  the  capability
525       sets  of a thread.  The /proc/PID/status file shows the capability sets
526       of a process's main thread.
527
528       The libcap package provides a suite of routines for setting and getting
529       capabilities  that  is  more comfortable and less likely to change than
530       the interface provided by capset(2) and capget(2).  This  package  also
531       provides the setcap(8) and getcap(8) programs.  It can be found at
532       http://www.kernel.org/pub/linux/libs/security/linux-privs.
533
534       Before  kernel 2.6.24, and since kernel 2.6.24 if file capabilities are
535       not enabled, a thread with the CAP_SETPCAP  capability  can  manipulate
536       the  capabilities  of threads other than itself.  However, this is only
537       theoretically possible, since no thread ever has CAP_SETPCAP in  either
538       of these cases:
539
540       * In  the pre-2.6.25 implementation the system-wide capability bounding
541         set, /proc/sys/kernel/cap-bound, always masks  out  this  capability,
542         and  this  can not be changed without modifying the kernel source and
543         rebuilding.
544
545       * If file capabilities are disabled in the current implementation, then
546         init  starts  out  with  this capability removed from its per-process
547         bounding set, and that bounding set is inherited by  all  other  pro‐
548         cesses created on the system.
549

SEE ALSO

551       capget(2),   prctl(2),   setfsuid(2),   cap_clear(3),  cap_copy_ext(3),
552       cap_from_text(3),   cap_get_file(3),   cap_get_proc(3),    cap_init(3),
553       capgetp(3),  capsetp(3),  credentials(7),  pthreads(7), getcap(8), set‐
554       cap(8)
555
556       include/linux/capability.h in the kernel source
557

COLOPHON

559       This page is part of release 3.25 of the Linux  man-pages  project.   A
560       description  of  the project, and information about reporting bugs, can
561       be found at http://www.kernel.org/doc/man-pages/.
562
563
564
565Linux                             2010-06-19                   CAPABILITIES(7)
Impressum