security: Review findings (Holger, John)

Signed-off-by: Holger Dengler <dengler@linutronix.de>
author: Holger Dengler <dengler@linutronix.de> 2016-10-28 16:57:24 +0200
committer: Holger Dengler <dengler@linutronix.de> 2016-10-28 16:57:47 +0200
commit: cd03b6d85930eaf8f68240cd3e91a6bcf5035c53 (patch)
tree: 809649e3234fb7d57ef394f8853ea4c80499a8f1 /security/advanced/frm_capabilities.tex
parent: 84508a664655fa1fac11711cb6ecfcba0e571a8f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/advanced/frm_capabilities.tex b/security/advanced/frm_capabilities.tex
index 5acd8e9..d4a2890 100644
--- a/security/advanced/frm_capabilities.tex
+++ b/security/advanced/frm_capabilities.tex
@@ -205,7 +205,7 @@ Scenario for dropping capabilities in suid-root processes
  \item effective: drop all
  \item permitted: keep only required
  \end{itemize}
-\item set SEC\_KEEP\_CAPS (prctl(PR\_SET\_KEEPCAPS, 1))
+\item preserve capabilities (prctl(PR\_SET\_KEEPCAPS, 1))
 \item set all UIDs to non-zero
 \item raise capability in effecive set before calling a privileged syscall
 \item drop capability from effective set after syscall
author	Holger Dengler <dengler@linutronix.de>	2016-10-28 16:57:24 +0200
committer	Holger Dengler <dengler@linutronix.de>	2016-10-28 16:57:47 +0200
commit	cd03b6d85930eaf8f68240cd3e91a6bcf5035c53 (patch)
tree	809649e3234fb7d57ef394f8853ea4c80499a8f1 /security/advanced/frm_capabilities.tex
parent	84508a664655fa1fac11711cb6ecfcba0e571a8f (diff)