35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
From 70b31e75fe157f4cfa5afc6589c0605868017028 Mon Sep 17 00:00:00 2001
|
|
From: Topi Miettinen <toiwoton@gmail.com>
|
|
Date: Sat, 12 Jun 2021 12:07:38 +0300
|
|
Subject: [PATCH] selinux.8: document how mount flag nosuid affects SELinux
|
|
|
|
Using mount flag `nosuid` also affects SELinux domain transitions but
|
|
this has not been documented well.
|
|
|
|
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
---
|
|
libselinux/man/man8/selinux.8 | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
|
|
index 0ef014609a36..5842150bfc72 100644
|
|
--- a/libselinux/man/man8/selinux.8
|
|
+++ b/libselinux/man/man8/selinux.8
|
|
@@ -94,6 +94,13 @@ and reboot.
|
|
also has this capability. The
|
|
.BR restorecon / fixfiles
|
|
commands are also available for relabeling files.
|
|
+
|
|
+Please note that using mount flag
|
|
+.I nosuid
|
|
+also disables SELinux domain transitions, unless permission
|
|
+.I nosuid_transition
|
|
+is used in the policy to allow this, which in turn needs also policy capability
|
|
+.IR nnp_nosuid_transition .
|
|
.
|
|
.SH AUTHOR
|
|
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
--
|
|
2.32.0
|
|
|