linux: Add support for No New Privs flag

This add No New Privs flag for start-stop-daemon and supervise-daemon by adding --no-new-privs flag. As a result, the user set the No New Privs flag for the program should run with. see PR_SET_NO_NEW_PRIVS prctl(2)
author: LinkTed <link.ted@mailbox.org> 2022-01-03 20:30:46 +0200
committer: Mike Frysinger <vapier@gmail.com> 2022-02-06 17:17:46 -0500
commit: 8115f3274eab06743603aec502ae311e3bf0724b (patch)
tree: 9b7dcd790b277237042385af4ad8414390077b0a /man
parent: 79e5edc1a3187ef63bed80fe4ecb05a898b68f00 (diff)
2 files changed, 4 insertions, 0 deletions
diff --git a/man/start-stop-daemon.8 b/man/start-stop-daemon.8
index aedbd0cb..257cad70 100644
--- a/man/start-stop-daemon.8
+++ b/man/start-stop-daemon.8
@@ -168,6 +168,8 @@ The format is the same as in cap_iab(3).
 Set the security-bits for the program.
 The numeric value of the security-bits can be found in <sys/secbits.h> header file.
 The format is the same as in strtoul(3).
+.It Fl -no-new-privs
+Set the No New Privs flag for the program. See PR_SET_NO_NEW_PRIVS prctl(2).
 .It Fl w , -wait Ar milliseconds
 Wait
 .Ar milliseconds
diff --git a/man/supervise-daemon.8 b/man/supervise-daemon.8
index 799a791a..dcefe2ee 100644
--- a/man/supervise-daemon.8
+++ b/man/supervise-daemon.8
@@ -165,6 +165,8 @@ The format is the same as in cap_iab(3).
 Set the security-bits for the program.
 The numeric value of the security-bits can be found in <sys/secbits.h> header file.
 The format is the same as in strtoul(3).
+.It Fl -no-new-privs
+Set the No New Privs flag for the program. See PR_SET_NO_NEW_PRIVS prctl(2).
 .El
 .Sh ENVIRONMENT
 .Va SSD_IONICELEVEL
author	LinkTed <link.ted@mailbox.org>	2022-01-03 20:30:46 +0200
committer	Mike Frysinger <vapier@gmail.com>	2022-02-06 17:17:46 -0500
commit	8115f3274eab06743603aec502ae311e3bf0724b (patch)
tree	9b7dcd790b277237042385af4ad8414390077b0a /man
parent	79e5edc1a3187ef63bed80fe4ecb05a898b68f00 (diff)