unplugged-system/external/libcap/doc/values/8.txt

Allows a process to freely manipulate its inheritable
capabilities.  Linux supports the POSIX.1e Inheritable
set, as well as Bounding and Ambient Linux extension
vectors. This capability permits dropping bits from the
Bounding vector. It also permits the process to raise
Ambient vector bits that are both raised in the
Permitted and Inheritable sets of the process. This
capability cannot be used to raise Permitted bits, or
Effective bits beyond those already present in the
process' permitted set.

[Historical note: prior to the advent of file
capabilities (2008), this capability was suppressed by
default, as its unsuppressed behavior was not
auditable: it could asynchronously grant its own
Permitted capabilities to and remove capabilities from
other processes arbitrarily. The former leads to
undefined behavior, and the latter is better served by
the kill system call.]
Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00			`Allows a process to freely manipulate its inheritable`
			`capabilities. Linux supports the POSIX.1e Inheritable`
			`set, as well as Bounding and Ambient Linux extension`
			`vectors. This capability permits dropping bits from the`
			`Bounding vector. It also permits the process to raise`
			`Ambient vector bits that are both raised in the`
			`Permitted and Inheritable sets of the process. This`
			`capability cannot be used to raise Permitted bits, or`
			`Effective bits beyond those already present in the`
			`process' permitted set.`

			`[Historical note: prior to the advent of file`
			`capabilities (2008), this capability was suppressed by`
			`default, as its unsuppressed behavior was not`
			`auditable: it could asynchronously grant its own`
			`Permitted capabilities to and remove capabilities from`
			`other processes arbitrarily. The former leads to`
			`undefined behavior, and the latter is better served by`
			`the kill system call.]`