linux: Add support for No New Privs flag

This adds support for the No New Privs flag to start-stop-daemon and
supervise-daemon through a new --no-new-privs flag. As a result, the user
can set the No New Privs flag for the program that is to be run.
See PR_SET_NO_NEW_PRIVS in prctl(2).
LinkTed
2022-01-03 20:30:46 +02:00
committed by Mike Frysinger
parent 79e5edc1a3
commit 8115f3274e
6 changed files with 48 additions and 0 deletions


@@ -55,6 +55,7 @@ ssd_start()
${error_logger_arg} \
${capabilities+--capabilities} "$capabilities" \
${secbits:+--secbits} "$secbits" \
${no_new_privs:+--no-new-privs} \
${procname:+--name} $procname \
${pidfile:+--pidfile} $pidfile \
${command_user+--user} $command_user \
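Review bot: `${no_new_privs:+--no-new-privs}` passes the flag for any non-empty value, so a service config that sets `no_new_privs="NO"` or `"false"` would still run with No New Privs enabled; the supervise_start hunk uses the same expansion. That errs on the restrictive side, but it is not how a yes/no setting is normally read, so the behaviour should be stated where the variable is documented, for example `# no_new_privs: any non-empty value enables PR_SET_NO_NEW_PRIVS; leave unset to disable`, or the value should go through a boolean check before the argument list is built. ssd_start's body begins and ends outside the hunk.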


@@ -38,6 +38,7 @@ supervise_start()
${healthcheck_timer:+--healthcheck-timer} $healthcheck_timer \
${capabilities+--capabilities} "$capabilities" \
${secbits:+--secbits} "$secbits" \
${no_new_privs:+--no_new_privs} \
${command_user+--user} $command_user \
${umask+--umask} $umask \
${supervise_daemon_args:-${start_stop_daemon_args}} \
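Review bot: The option is spelled `--no_new_privs` with underscores on the added line, while the commit description and the ssd_start hunk both use `--no-new-privs`. If supervise-daemon registers the hyphenated name, as the description suggests, a supervised service that sets `no_new_privs` would presumably be rejected for an unknown option instead of starting with the flag applied. The line should read `${no_new_privs:+--no-new-privs} \`. supervise_start's body continues outside the hunk.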