linux: Add support for No New Privs flag

This add No New Privs flag for start-stop-daemon and supervise-daemon by adding --no-new-privs flag. As a result, the user set the No New Privs flag for the program should run with. see PR_SET_NO_NEW_PRIVS prctl(2)
author: LinkTed <link.ted@mailbox.org> 2022-01-03 20:30:46 +0200
committer: Mike Frysinger <vapier@gmail.com> 2022-02-06 17:17:46 -0500
commit: 8115f3274eab06743603aec502ae311e3bf0724b (patch)
tree: 9b7dcd790b277237042385af4ad8414390077b0a /sh
parent: 79e5edc1a3187ef63bed80fe4ecb05a898b68f00 (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/sh/start-stop-daemon.sh b/sh/start-stop-daemon.sh
index bbb4da37..3c2fd32f 100644
--- a/sh/start-stop-daemon.sh
+++ b/sh/start-stop-daemon.sh
@@ -55,6 +55,7 @@ ssd_start()
 		${error_logger_arg} \
 		${capabilities+--capabilities} "$capabilities" \
 		${secbits:+--secbits} "$secbits" \
+		${no_new_privs:+--no-new-privs} \
 		${procname:+--name} $procname \
 		${pidfile:+--pidfile} $pidfile \
 		${command_user+--user} $command_user \
diff --git a/sh/supervise-daemon.sh b/sh/supervise-daemon.sh
index 39fe5727..8d2d6faf 100644
--- a/sh/supervise-daemon.sh
+++ b/sh/supervise-daemon.sh
@@ -38,6 +38,7 @@ supervise_start()
 		${healthcheck_timer:+--healthcheck-timer} $healthcheck_timer \
 		${capabilities+--capabilities} "$capabilities" \
 		${secbits:+--secbits} "$secbits" \
+		${no_new_privs:+--no_new_privs} \
 		${command_user+--user} $command_user \
 		${umask+--umask} $umask \
 		${supervise_daemon_args:-${start_stop_daemon_args}} \
author	LinkTed <link.ted@mailbox.org>	2022-01-03 20:30:46 +0200
committer	Mike Frysinger <vapier@gmail.com>	2022-02-06 17:17:46 -0500
commit	8115f3274eab06743603aec502ae311e3bf0724b (patch)
tree	9b7dcd790b277237042385af4ad8414390077b0a /sh
parent	79e5edc1a3187ef63bed80fe4ecb05a898b68f00 (diff)