Skip to content

Document capabilities and secbits #972

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
navi-desu merged 1 commit into from
Feb 8, 2026
+14 −2
Merged

Document capabilities and secbits #972

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 14 additions & 2 deletions man/openrc-run.8
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -259,11 +259,23 @@ which will export
.Ar $NOTIFY_SOCKET
and listen for notifications. At the moment supporting
.Ar READY=1 Ns .
.El
.Pp
The following options affect the ambient capabilities of processes on Linux.
See
.Xr capabilities 7 .
.Bl -tag -width "RC_DEFAULTLEVEL"
.It Ar no_new_privs
Set no_new_privs on the daemon process, preventing it from gaining any
additional privilege, including through setuid/setgid binaries, file
capabilities, etc. See
.Xr capabilities 7 .
capabilities, etc.
.It Ar capabilities Ar CAPABILITIES
Set additional ambient capabilities for the process.
.It Ar secbits AR SECBITS
Set the
.Fl securebits
for the process, adjusting how the kernel treats ambient capabilities for this
process.
.El
.Sh DEPENDENCIES
You should define a
Expand Down
Loading