xref: /aosp_15_r20/external/libcap/doc/values/21.txt (revision 2810ac1b38eead2603277920c78344c84ddf3aff)

Allows a process to perform a somewhat arbitrary
grab-bag of privileged operations. Over time, this
capability should weaken as specific capabilities are
created for subsets of CAP_SYS_ADMINs functionality:
  - configuration of the secure attention key
  - administration of the random device
  - examination and configuration of disk quotas
  - setting the domainname
  - setting the hostname
  - calling bdflush()
  - mount() and umount(), setting up new SMB connection
  - some autofs root ioctls
  - nfsservctl
  - VM86_REQUEST_IRQ
  - to read/write pci config on alpha
  - irix_prctl on mips (setstacksize)
  - flushing all cache on m68k (sys_cacheflush)
  - removing semaphores
  - Used instead of CAP_CHOWN to "chown" IPC message
    queues, semaphores and shared memory
  - locking/unlocking of shared memory segment
  - turning swap on/off
  - forged pids on socket credentials passing
  - setting readahead and flushing buffers on block
    devices
  - setting geometry in floppy driver
  - turning DMA on/off in xd driver
  - administration of md devices (mostly the above, but
    some extra ioctls)
  - tuning the ide driver
  - access to the nvram device
  - administration of apm_bios, serial and bttv (TV)
    device
  - manufacturer commands in isdn CAPI support driver
  - reading non-standardized portions of PCI
    configuration space
  - DDI debug ioctl on sbpcd driver
  - setting up serial ports
  - sending raw qic-117 commands
  - enabling/disabling tagged queuing on SCSI
    controllers and sending arbitrary SCSI commands
  - setting encryption key on loopback filesystem
  - setting zone reclaim policy