The capability system used is defined by the POSIX draft 1003.1e
("POSIX capabilities"), which is now obsolete.
At this time, only processes are associated with capabilities.
Two projects are currently in progress to manage the capabilities of
executable files.
There are three sets of bits for each capability that can be associated
with executable files:
permitted (P): the capabilities that can be used by the process.
effective (E): the capabilities actually in use at a
given time (the process can choose whether or not to use a capability).
inheritable (I): the capabilities that a process launched with
exec will be masked with (processes created by fork or clone have exactly
the same capabilities as the parent).
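
The three sets described above can be inspected for any running process. The following is an added example, not code from the original page: it decodes the I, P and E sets from the CapInh, CapPrm and CapEff hex masks of a Linux /proc/<pid>/status file and lists capabilities that are permitted but not currently effective. The field names and bit numbers come from Linux, not from this page; the sample text and function names are constructed for illustration.

```python
# Capability names indexed by bit number (bits 0..28, from linux/capability.h).
CAP_NAMES = ["CAP_" + n for n in (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN "
    "NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE "
    "SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME "
    "SYS_TTY_CONFIG MKNOD LEASE").split()]

# /proc status fields mapped to the set names used in the text.
FIELDS = {"CapInh": "inheritable", "CapPrm": "permitted", "CapEff": "effective"}

# Constructed sample of /proc/<pid>/status content (not from a real host).
SAMPLE_STATUS = "Name:\tdemo\nPid:\t4242\n" \
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000003400\n" \
    "CapEff:\t0000000000000400\n"

def decode_mask(mask):
    """Return the capability names whose bits are set in a non-negative mask."""
    names, bit = [], 0
    while mask >> bit:
        if (mask >> bit) & 1:
            # Bits newer than this table are reported by number.
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "cap_%d" % bit)
        bit += 1
    return names

def parse_cap_sets(status_text):
    """Extract the three capability masks as integers."""
    sets = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in FIELDS:
            sets[FIELDS[key]] = int(value.strip(), 16)
    missing = sorted(set(FIELDS.values()) - set(sets))
    if missing:
        raise ValueError("missing capability sets: %s" % ", ".join(missing))
    return sets

def audit(status_text):
    """Decode I, P, E and derive the sets an auditor cares about."""
    s = parse_cap_sets(status_text)
    report = {name: decode_mask(mask) for name, mask in s.items()}
    # Permitted but not effective: held in reserve, can be raised later.
    report["dormant"] = decode_mask(s["permitted"] & ~s["effective"])
    # Effective must be a subset of permitted; anything here is an anomaly.
    report["violations"] = decode_mask(s["effective"] & ~s["permitted"])
    return report

if __name__ == "__main__":
    for name, caps in audit(SAMPLE_STATUS).items():
        print("%-12s %s" % (name, ", ".join(caps) or "(none)"))
```

On a live system, pass the contents of /proc/<pid>/status to audit() instead of the constructed sample.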