https://bugzilla.kernel.org/show_bug.cgi?id=216667

Monthero Ronald (rhmcruiser@xxxxxxxxx) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rhmcruiser@xxxxxxxxx

--- Comment #1 from Monthero Ronald (rhmcruiser@xxxxxxxxx) ---
It's to make a distinction between a root user and a non-root user for the process. The first part of the paragraph below is for the root user and the latter part is for execve run as a non-root user. On the other hand, applications (using execve) that run with a few elevated capability flags can use ambient capabilities.

The statement you quoted from the man page, Inheritable section, below:

---
Inheritable
    This is a set of capabilities preserved across an execve(2). Inheritable capabilities remain inheritable when executing any program, and inheritable capabilities are added to the permitted set when executing a program that has the corresponding bits set in the file inheritable set.

    Because inheritable capabilities are not generally preserved across execve(2) when running as a non-root user, applications that wish to run helper programs with elevated capabilities should consider using ambient capabilities, described below.
---
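The root versus non-root distinction discussed in the comment above can be checked against the execve(2) transformation rules given in capabilities(7). The following is an added example, not part of the bug report or the man page: it models the capability sets as bitmasks, and the names `caps_after_execve`, `helper_permitted` and the `is_root` flag (real and effective UID 0, no securebits set, binary not set-UID) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CAP_NET_BIND_SERVICE_BIT (1ULL << 10) /* CAP_NET_BIND_SERVICE is capability 10 */

struct proc_caps { uint64_t permitted, inheritable, effective, ambient, bounding; };
struct file_caps { uint64_t permitted, inheritable; bool effective, privileged; };

/* execve(2) capability transformation as documented in capabilities(7).
 * Assumption: is_root means real and effective UID 0, no securebits set. */
struct proc_caps caps_after_execve(struct proc_caps p, struct file_caps f, bool is_root)
{
    struct proc_caps n;
    if (is_root) { /* for root the file sets are notionally all ones */
        f.permitted = f.inheritable = ~0ULL;
        f.effective = true;
    }
    /* ambient is cleared when the file has capabilities or is set-UID/set-GID */
    n.ambient = f.privileged ? 0 : p.ambient;
    n.permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bounding) | n.ambient;
    n.effective = f.effective ? n.permitted : n.ambient;
    n.inheritable = p.inheritable; /* kept, but needs file inheritable bits to matter */
    n.bounding = p.bounding;
    return n;
}

/* Permitted set of a helper binary that carries no file capabilities (hypothetical helper). */
uint64_t helper_permitted(uint64_t inheritable, uint64_t ambient, bool is_root)
{
    struct proc_caps p = { .permitted = inheritable | ambient, .inheritable = inheritable,
                           .effective = inheritable | ambient, .ambient = ambient,
                           .bounding = ~0ULL };
    struct file_caps plain = { 0 };
    return caps_after_execve(p, plain, is_root).permitted;
}

int main(void)
{
    uint64_t cap = CAP_NET_BIND_SERVICE_BIT;
    printf("non-root, inheritable only: %#llx\n", (unsigned long long)helper_permitted(cap, 0, false));
    printf("non-root, ambient raised:   %#llx\n", (unsigned long long)helper_permitted(cap, cap, false));
    printf("root, inheritable only:     %#llx\n", (unsigned long long)helper_permitted(cap, 0, true));
    return 0;
}
```

For a non-root process the inheritable bit survives in the inheritable set but reaches the permitted set only through matching file inheritable bits or through the ambient set, which is why least-privilege launchers that start unmodified helper binaries raise the capability as ambient.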