1Allows a process to perform a somewhat arbitrary 2grab-bag of privileged operations. Over time, this 3capability should weaken as specific capabilities are 4created for subsets of CAP_SYS_ADMINs functionality: 5 - configuration of the secure attention key 6 - administration of the random device 7 - examination and configuration of disk quotas 8 - setting the domainname 9 - setting the hostname 10 - calling bdflush() 11 - mount() and umount(), setting up new SMB connection 12 - some autofs root ioctls 13 - nfsservctl 14 - VM86_REQUEST_IRQ 15 - to read/write pci config on alpha 16 - irix_prctl on mips (setstacksize) 17 - flushing all cache on m68k (sys_cacheflush) 18 - removing semaphores 19 - Used instead of CAP_CHOWN to "chown" IPC message 20 queues, semaphores and shared memory 21 - locking/unlocking of shared memory segment 22 - turning swap on/off 23 - forged pids on socket credentials passing 24 - setting readahead and flushing buffers on block 25 devices 26 - setting geometry in floppy driver 27 - turning DMA on/off in xd driver 28 - administration of md devices (mostly the above, but 29 some extra ioctls) 30 - tuning the ide driver 31 - access to the nvram device 32 - administration of apm_bios, serial and bttv (TV) 33 device 34 - manufacturer commands in isdn CAPI support driver 35 - reading non-standardized portions of PCI 36 configuration space 37 - DDI debug ioctl on sbpcd driver 38 - setting up serial ports 39 - sending raw qic-117 commands 40 - enabling/disabling tagged queuing on SCSI 41 controllers and sending arbitrary SCSI commands 42 - setting encryption key on loopback filesystem 43 - setting zone reclaim policy 44