rpms/coreutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

doc: mention setpriv --no-new-privs feature in runcon info

Browse Source 
* doc/coreutils.texi (runcon invocation): Mention setpriv usage.
Discussed at https://bugzilla.redhat.com/1360903
This commit is contained in:
Sebastian Kisela 2017-05-30 09:39:28 +02:00
parent 6f16afd4a6
commit 8d02212742
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
coreutils-8.27-runcon-doc.patch Normal file
View File

@ -0,0 +1,33 @@
From 76be8a7f9eb717b3d47009eb25d39fe7139a2c2d Mon Sep 17 00:00:00 2001
From: Sebastian Kisela <skisela@redhat.com>
Date: Tue, 30 May 2017 09:29:32 +0200
Subject: [PATCH] doc: mention `setpriv --no-new-privs` feature in runcon info
upstream commit: 6ebaf8195000d6d3590a2eac13f13b158e325452
---
doc/coreutils.texi | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 68df075..e16e885 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -16583,7 +16583,14 @@ are interpreted as arguments to the command.
With neither @var{context} nor @var{command}, print the current
security context.
-The program accepts the following options. Also see @ref{Common options}.
+@cindex restricted security context
+@cindex NO_NEW_PRIVS
+Note also the @command{setpriv} command which can be used to set the
+NO_NEW_PRIVS bit using @command{setpriv --no-new-privs runcon ...},
+thus disallowing usage of a security context with more privileges
+than the process would normally have.
+
+@command{runcon} accepts the following options. Also see @ref{Common options}.
@table @samp
--
2.9.4

8
coreutils.spec
View File

@ -1,7 +1,7 @@
Summary: A set of basic GNU tools commonly used in shell scripts Summary: A set of basic GNU tools commonly used in shell scripts
Name: coreutils Name: coreutils
Version: 8.27 Version: 8.27
Release: 9%{?dist} Release: 10%{?dist}
License: GPLv3+ License: GPLv3+
Group: System Environment/Base Group: System Environment/Base
Url: https://www.gnu.org/software/coreutils/ Url: https://www.gnu.org/software/coreutils/
@ -22,6 +22,9 @@ Patch2: coreutils-8.27-CVE-2017-7476.patch
# tail: revert to polling if a followed directory is replaced (#1283760) # tail: revert to polling if a followed directory is replaced (#1283760)
Patch3: coreutils-8.27-tail-inotify-recreate.patch Patch3: coreutils-8.27-tail-inotify-recreate.patch
# doc: mention `setpriv --no-new-privs` feature in runcon info
Patch4: coreutils-8.27-runcon-doc.patch
# disable the test-lock gnulib test prone to deadlock # disable the test-lock gnulib test prone to deadlock
Patch100: coreutils-8.26-test-lock.patch Patch100: coreutils-8.26-test-lock.patch
@ -288,6 +291,9 @@ fi
%license COPYING %license COPYING
%changelog %changelog
* Tue May 30 2017 Sebastian Kisela <skisela@redhat.com> - 8.27-10
- doc: mention `setpriv --no-new-privs` feature in runcon info
* Tue May 16 2017 Kamil Dudka <kdudka@redhat.com> - 8.27-9 * Tue May 16 2017 Kamil Dudka <kdudka@redhat.com> - 8.27-9
- add coreutils-full provides for coreutils to make it explicitly installable - add coreutils-full provides for coreutils to make it explicitly installable