From 8115f3274eab06743603aec502ae311e3bf0724b Mon Sep 17 00:00:00 2001 From: LinkTed Date: Mon, 3 Jan 2022 20:30:46 +0200 Subject: linux: Add support for No New Privs flag This add No New Privs flag for start-stop-daemon and supervise-daemon by adding --no-new-privs flag. As a result, the user set the No New Privs flag for the program should run with. see PR_SET_NO_NEW_PRIVS prctl(2) --- man/start-stop-daemon.8 | 2 ++ man/supervise-daemon.8 | 2 ++ 2 files changed, 4 insertions(+) (limited to 'man') diff --git a/man/start-stop-daemon.8 b/man/start-stop-daemon.8 index aedbd0cb..257cad70 100644 --- a/man/start-stop-daemon.8 +++ b/man/start-stop-daemon.8 @@ -168,6 +168,8 @@ The format is the same as in cap_iab(3). Set the security-bits for the program. The numeric value of the security-bits can be found in header file. The format is the same as in strtoul(3). +.It Fl -no-new-privs +Set the No New Privs flag for the program. See PR_SET_NO_NEW_PRIVS prctl(2). .It Fl w , -wait Ar milliseconds Wait .Ar milliseconds diff --git a/man/supervise-daemon.8 b/man/supervise-daemon.8 index 799a791a..dcefe2ee 100644 --- a/man/supervise-daemon.8 +++ b/man/supervise-daemon.8 @@ -165,6 +165,8 @@ The format is the same as in cap_iab(3). Set the security-bits for the program. The numeric value of the security-bits can be found in header file. The format is the same as in strtoul(3). +.It Fl -no-new-privs +Set the No New Privs flag for the program. See PR_SET_NO_NEW_PRIVS prctl(2). .El .Sh ENVIRONMENT .Va SSD_IONICELEVEL -- cgit v1.2.3
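Review bot: In the man/start-stop-daemon.8 hunk, the new ".It Fl -no-new-privs" entry names the flag but not its effect, so a reader has to open prctl(2) to find out what they are enabling. Suggest adding one sentence after "Set the No New Privs flag for the program." saying that, once set, the program and its children cannot gain privileges through execve(2) (set-user-ID and set-group-ID bits and file capabilities on the executed file are ignored) and that the flag cannot be cleared afterwards. That is what an administrator needs to know before enabling it for a daemon that later executes a setuid helper.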
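Review bot: In the man/supervise-daemon.8 hunk, the ".It Fl -no-new-privs" entry does not say that the option is Linux-specific, although the commit subject scopes the change with "linux:". Suggest stating in the entry that the option is only available on Linux, so users on other platforms know not to expect it. The reference "See PR_SET_NO_NEW_PRIVS prctl(2)." would also read better as "See PR_SET_NO_NEW_PRIVS in prctl(2)."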