8d02212742
* doc/coreutils.texi (runcon invocation): Mention setpriv usage. Discussed at https://bugzilla.redhat.com/1360903
34 lines
1.1 KiB
Diff
From 76be8a7f9eb717b3d47009eb25d39fe7139a2c2d Mon Sep 17 00:00:00 2001
From: Sebastian Kisela <skisela@redhat.com>
Date: Tue, 30 May 2017 09:29:32 +0200
Subject: [PATCH] doc: mention `setpriv --no-new-privs` feature in runcon info
upstream commit: 6ebaf8195000d6d3590a2eac13f13b158e325452
---
doc/coreutils.texi | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 68df075..e16e885 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -16583,7 +16583,14 @@ are interpreted as arguments to the command.
With neither @var{context} nor @var{command}, print the current
security context.
-The program accepts the following options. Also see @ref{Common options}.
+@cindex restricted security context
+@cindex NO_NEW_PRIVS
+Note also the @command{setpriv} command which can be used to set the
+NO_NEW_PRIVS bit using @command{setpriv --no-new-privs runcon ...},
+thus disallowing usage of a security context with more privileges
+than the process would normally have.
+
+@command{runcon} accepts the following options. Also see @ref{Common options}.
@table @samp
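Review bot: The closing clause of the added paragraph ("thus disallowing usage of a security context with more privileges than the process would normally have") does not say what the user will observe when the requested context is more privileged, for instance whether the `runcon` invocation fails or the command runs in the unchanged context; stating that outcome would make the note usable as guidance for confining a command. Two markup points in the same paragraph: `NO_NEW_PRIVS` is set as plain body text and the example ends in a literal `...`, where `@code{NO_NEW_PRIVS}` and `@dots{}` would be the usual Texinfo forms. Since `@command{setpriv}` has no node in this manual (it ships with util-linux, not coreutils), naming the package or its man page next to the first mention would tell readers where to look.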
--
2.9.4