From 8115f3274eab06743603aec502ae311e3bf0724b Mon Sep 17 00:00:00 2001
From: LinkTed <link.ted@mailbox.org>
Date: Mon, 3 Jan 2022 20:30:46 +0200
Subject: linux: Add support for No New Privs flag

This add No New Privs flag for start-stop-daemon and supervise-daemon
by adding --no-new-privs flag. As a result, the user set the No New
Privs flag for the program should run with.
see PR_SET_NO_NEW_PRIVS prctl(2)
---
 sh/start-stop-daemon.sh | 1 +
 sh/supervise-daemon.sh  | 1 +
 2 files changed, 2 insertions(+)

(limited to 'sh')

diff --git a/sh/start-stop-daemon.sh b/sh/start-stop-daemon.sh
index bbb4da37..3c2fd32f 100644
--- a/sh/start-stop-daemon.sh
+++ b/sh/start-stop-daemon.sh
@@ -55,6 +55,7 @@ ssd_start()
 		${error_logger_arg} \
 		${capabilities+--capabilities} "$capabilities" \
 		${secbits:+--secbits} "$secbits" \
+		${no_new_privs:+--no-new-privs} \
 		${procname:+--name} $procname \
 		${pidfile:+--pidfile} $pidfile \
 		${command_user+--user} $command_user \
diff --git a/sh/supervise-daemon.sh b/sh/supervise-daemon.sh
index 39fe5727..8d2d6faf 100644
--- a/sh/supervise-daemon.sh
+++ b/sh/supervise-daemon.sh
@@ -38,6 +38,7 @@ supervise_start()
 		${healthcheck_timer:+--healthcheck-timer} $healthcheck_timer \
 		${capabilities+--capabilities} "$capabilities" \
 		${secbits:+--secbits} "$secbits" \
+		${no_new_privs:+--no_new_privs} \
 		${command_user+--user} $command_user \
 		${umask+--umask} $umask \
 		${supervise_daemon_args:-${start_stop_daemon_args}} \
-- 
cgit v1.2.3