On Wed, Feb 21, 2024 at 03:24:38PM -0600, Seth Forshee (DigitalOcean) wrote:
> cap_inode_getsecurity() implements a handful of policies for capability
> xattrs read by userspace:
>
> - It returns EINVAL if the on-disk capability is in v1 format.
>
> - It masks off all bits in magic_etc except
cap_inode_getsecurity() implements a handful of policies for capability
xattrs read by userspace:
- It returns EINVAL if the on-disk capability is in v1 format.
- It masks off all bits in magic_etc except for the version and
VFS_CAP_FLAGS_EFFECTIVE.
- v3 capabilities are converted to v2