capabilities.7: Document the CAP_CHECKPOINT_RESTORE capability added in Linux 5.9

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
author: Michael Kerrisk <mtk.manpages@gmail.com> 2020-10-27 13:41:03 +0100
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2020-10-27 14:51:44 +0100
commit: 71f6247f3ca83893bab97742331610932e21baed (patch)
tree: f05276fffcd41c5a38ee3b55c48d65ae3c1fb62f
parent: 167f94b707148bcd46fe39c7d4ebfada9eed88f6 (diff)
download: man-pages-71f6247f3ca83893bab97742331610932e21baed.tar.gz
1 files changed, 29 insertions, 0 deletions
diff --git a/man7/capabilities.7 b/man7/capabilities.7
index 53a6f656a8..14bc216570 100644
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
@@ -101,6 +101,35 @@ BPF functionality from the overloaded
 .BR CAP_SYS_ADMIN
 capability.
 .TP
+.BR CAP_CHECKPOINT_RESTORE " (since Linux 5.9)"
+.\" commit 124ea650d3072b005457faed69909221c2905a1f
+.PD 0
+.RS
+.IP * 2
+Update
+.I /proc/sys/kernel/ns_last_pid
+(see
+.BR pid_namespaces (7));
+.IP *
+employ the
+.I set_tid
+feature of
+.BR clone3 (2);
+.\" FIXME There is also some use case relating to
+.\" prctl_set_mm_exe_file(); in the 5.9 sources, see
+.\" prctl_set_mm_map().
+.IP *
+read the contents of the symbolic links in
+.IR /proc/[pid]/map_files
+for other processes.
+.RE
+.PD
+.IP
+This capability was added in Linux 5.9 to separate out
+checkpoint/restore functionality from the overloaded
+.BR CAP_SYS_ADMIN
+capability.
+.TP
 .B CAP_CHOWN
 Make arbitrary changes to file UIDs and GIDs (see
 .BR chown (2)).
author	Michael Kerrisk <mtk.manpages@gmail.com>	2020-10-27 13:41:03 +0100
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2020-10-27 14:51:44 +0100
commit	71f6247f3ca83893bab97742331610932e21baed (patch)
tree	f05276fffcd41c5a38ee3b55c48d65ae3c1fb62f
parent	167f94b707148bcd46fe39c7d4ebfada9eed88f6 (diff)
download	man-pages-71f6247f3ca83893bab97742331610932e21baed.tar.gz