Re: [PATCH] runcon: add --no-new-privs option
From: Pádraig Brady
Subject: Re: [PATCH] runcon: add --no-new-privs option
Date: Mon, 29 May 2017 12:45:28 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
On 29/05/17 05:21, Sebastian Kisela wrote:
> From aa522282c81a07391ef9d83aa3ae1868338fca5a Mon Sep 17 00:00:00 2001
> From: Sebastian Kisela <address@hidden>
> Date: Mon, 29 May 2017 14:17:07 +0200
> Subject: [PATCH] runcon: mention no-new-privs feature possible through setpriv
>
> * runcon modify usage info documentation
> * References https://bugzilla.redhat.com/1360903
> ---
> doc/coreutils.texi | 4 ++++
> gnulib | 2 +-
> 2 files changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/doc/coreutils.texi b/doc/coreutils.texi
> index 1834e92..3b406ae 100644
> --- a/doc/coreutils.texi
> +++ b/doc/coreutils.texi
> @@ -16586,6 +16586,10 @@ security context.
>
> The program accepts the following options. Also see @ref{Common options}.
>
> +Use 'setpriv --no-new-privs runcon ...' to set NO_NEW_PRIVS bit, to disallow
> usage of context with more privileges than the process has normally.
> +
> +The setpriv command is part of the util-linux package and is available from
> Linux Kernel Archive (ftp://ftp.kernel.org/pub/linux/utils/util-linux/⟩
> +
Adjusted and applied.
http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.27-37-g6ebaf81
> @table @samp
>
> @item -c
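Review bot: the new paragraph is inserted between "The program accepts the following options." and the `@table @samp` that sentence introduces, which separates the intro sentence from its option table; move the paragraph above "The program accepts the following options." instead. Two further points in the same hunk: the continuation lines "usage of context with more privileges ..." and "Linux Kernel Archive (ftp://...)" carry no leading `+`, and the URL line ends in a stray `⟩`, so the patch as posted will not apply cleanly (mail wrapping; send with `git send-email` or as an attachment); and the text should use Texinfo markup rather than ASCII quotes, e.g. `@command{setpriv}`, `@samp{setpriv --no-new-privs runcon @dots{}}`, `@code{NO_NEW_PRIVS}` and `@url{...}` for the download location.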
> diff --git a/gnulib b/gnulib
> index efb8421..8edebfe 160000
> --- a/gnulib
> +++ b/gnulib
> @@ -1 +1 @@
> -Subproject commit efb84214ac14749188ab8294a52b4e91475c13b6
> +Subproject commit 8edebfe6f97d0e378d042accb2475a32a53f100f
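Review bot: the gnulib submodule pointer change (efb8421 to 8edebfe) is unrelated to the runcon documentation fix and should not be part of this patch; it is a stale local submodule state, so run `git submodule update` after `git pull` and regenerate the patch with only doc/coreutils.texi in it.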
Note you needed to do a `git submodule update` after your git pull,
to avoid this vestigial local change.
thanks,
Pádraig
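A worked run of the procedure the applied doc paragraph describes, as an added example that is not code from the coreutils patch, from coreutils or from util-linux. It assumes setpriv (util-linux) and runcon (coreutils) are on PATH, that the demo runs on an SELinux system, and that the caller supplies the target type name (the unconfined_t in the comment is only an illustration); the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the coreutils patch or of coreutils/util-linux:
# run a command under another SELinux context with NO_NEW_PRIVS set, and read
# the bit back from /proc/<pid>/status to confirm it took effect.
# Assumes: setpriv and runcon on PATH, an SELinux system for the demo, and a
# target type name supplied by the caller.

# Print the NoNewPrivs value (0 or 1) from a /proc/<pid>/status body on
# stdin, or "unknown" when the field is absent (the field was added in
# Linux 4.10; non-Linux systems have no /proc status at all).
nnp_from_status() {
    awk '/^NoNewPrivs:/ { print $2; found = 1 }
         END { if (!found) print "unknown" }'
}

# NoNewPrivs bit of an arbitrary process, by pid (or "self").
pid_nnp() {
    nnp_from_status < "/proc/$1/status"
}

# NoNewPrivs bit of this shell. Once set, the bit is inherited across fork
# and execve and cannot be cleared, so a 1 here means every child of this
# shell is already confined too.
self_nnp() {
    pid_nnp self
}

# Run "$@" under SELinux type $1 with NO_NEW_PRIVS. setpriv sets the bit via
# prctl(PR_SET_NO_NEW_PRIVS) before exec'ing runcon, so both runcon and the
# final program carry it; from then on the kernel refuses execve-time gains
# of privilege (setuid/setgid bits, file capabilities, and an SELinux domain
# transition unless the policy explicitly permits that transition under NNP).
run_confined() {
    ctx_type=$1
    shift
    setpriv --no-new-privs runcon -t "$ctx_type" "$@"
}

# Demo, only when a type name is given on the command line, e.g.
#   sh nnp-runcon.sh unconfined_t
# It prints the parent's bit, then the context and NoNewPrivs line as seen
# by the confined child.
if [ $# -gt 0 ]; then
    echo "parent NoNewPrivs: $(self_nnp)"
    run_confined "$1" sh -c 'id -Z; grep "^NoNewPrivs:" /proc/self/status'
fi
```

Because the bit is sticky, the useful check is the one made from inside the child: a `NoNewPrivs: 1` line there proves the transition happened under the restriction, whereas a transition that the policy does not allow under NNP simply fails at execve time, which is exactly the "disallow usage of a context with more privileges" behaviour the doc paragraph refers to.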