linux: Add support for No New Privs flag

This add No New Privs flag for start-stop-daemon and supervise-daemon by adding --no-new-privs flag. As a result, the user set the No New Privs flag for the program should run with. see PR_SET_NO_NEW_PRIVS prctl(2)
2022-01-03 20:30:46 +02:00
parent 79e5edc1a3
commit 8115f3274e
6 changed files with 48 additions and 0 deletions
--- a/man/supervise-daemon.8
+++ b/man/supervise-daemon.8
@@ -165,6 +165,8 @@ The format is the same as in cap_iab(3).
 Set the security-bits for the program.
 The numeric value of the security-bits can be found in <sys/secbits.h> header file.
 The format is the same as in strtoul(3).
+.It Fl -no-new-privs
+Set the No New Privs flag for the program. See PR_SET_NO_NEW_PRIVS prctl(2).
 .El
 .Sh ENVIRONMENT
 .Va SSD_IONICELEVEL