summaryrefslogtreecommitdiff
path: root/security/advanced
diff options
context:
space:
mode:
Diffstat (limited to 'security/advanced')
-rw-r--r--security/advanced/frm_capabilities.tex2
-rw-r--r--security/advanced/frm_namespace_container.tex2
2 files changed, 3 insertions, 1 deletions
diff --git a/security/advanced/frm_capabilities.tex b/security/advanced/frm_capabilities.tex
index 5acd8e9..d4a2890 100644
--- a/security/advanced/frm_capabilities.tex
+++ b/security/advanced/frm_capabilities.tex
@@ -205,7 +205,7 @@ Scenario for dropping capabilities in suid-root processes
\item effective: drop all
\item permitted: keep only required
\end{itemize}
-\item set SEC\_KEEP\_CAPS (prctl(PR\_SET\_KEEPCAPS, 1))
+\item preserve capabilities (prctl(PR\_SET\_KEEPCAPS, 1))
\item set all UIDs to non-zero
\item raise capability in effecive set before calling a privileged syscall
\item drop capability from effective set after syscall
diff --git a/security/advanced/frm_namespace_container.tex b/security/advanced/frm_namespace_container.tex
index c63b6b2..5b907e6 100644
--- a/security/advanced/frm_namespace_container.tex
+++ b/security/advanced/frm_namespace_container.tex
@@ -37,6 +37,8 @@
\begin{itemize}
\item Mount: \\
Provide different filesystem
+\item PID: \\
+ Provide new Process-ID scope
\item IPC: \\
Provide isolated inter process communication entities
\item Network: \\
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-10 09:48:43 +0000