On Sat, Jun 24, 2017 at 7:04 AM, Patrick Steinhardt <ps@xxxxxx> wrote:
> Right now, we do not support modifying the set of ambient capabilities,
> which has been introduced quite recently with Linux 4.3. As libcap-ng
> does not yet provide any ability to modify this set, we do have to roll
> our own support via `prctl`, which is now easy to do due to the
> indirections introduced in the preceding commits. We add a new command
> line argument "--ambient-caps", which uses the same syntax as both
> "--inh-caps" and "--bounding-set" to specify either adding or dropping
> capabilities.
>
> This commit also adjusts documentation to mention the newly introduced
> ability to modify the ambient capability set.
>

One question here: should requesting an ambient cap also implicitly put it
in the inheritable set, at least if --inh-caps isn't specified?

--Andy
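The kernel rule behind the question above, as an added example that is not part of the patch or of this thread: PR_CAP_AMBIENT_RAISE is refused unless the capability is already in both the permitted and the inheritable set. The helper names, the `add_inheritable` flag and the choice of CAP_NET_BIND_SERVICE are assumptions made for illustration, not setpriv code.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

enum { PERMITTED, INHERITABLE };   /* hypothetical selector for cap_in_set() */

/* 1 if cap is in the chosen set of this thread, 0 otherwise (raw capget(2)). */
int cap_in_set(int cap, int which)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &h, d) != 0) return 0;
    __u32 bits = which == PERMITTED ? d[cap / 32].permitted : d[cap / 32].inheritable;
    return (bits >> (cap % 32)) & 1;
}

int ambient_is_set(int cap)
{
    return prctl(PR_CAP_AMBIENT, (unsigned long)PR_CAP_AMBIENT_IS_SET,
                 (unsigned long)cap, 0UL, 0UL) == 1;
}

/* Raise cap in the ambient set, optionally adding it to the inheritable set
 * first (the implicit behaviour asked about). Returns 0 or -errno. */
int raise_ambient(int cap, int add_inheritable)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (add_inheritable) {
        if (syscall(SYS_capget, &h, d) != 0) return -errno;
        d[cap / 32].inheritable |= 1u << (cap % 32);
        if (syscall(SYS_capset, &h, d) != 0) return -errno;  /* kernel refused */
    }
    if (prctl(PR_CAP_AMBIENT, (unsigned long)PR_CAP_AMBIENT_RAISE,
              (unsigned long)cap, 0UL, 0UL) != 0) return -errno;
    return 0;
}

int main(void)
{
    int cap = CAP_NET_BIND_SERVICE, r;
    r = raise_ambient(cap, 0);
    printf("ambient only:          %s\n", r ? strerror(-r) : "raised");
    r = raise_ambient(cap, 1);
    printf("inheritable + ambient: %s\n", r ? strerror(-r) : "raised");
    return 0;
}
```

Run without the capability permitted, both calls fail; with it permitted but an empty inheritable set, only the second call succeeds.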