samples/seccomp: Enable PR_SET_NO_NEW_PRIVS in dropper - openslx/kernel-qcow2-linux.git

diff options

author	Ricky Zhou	2016-10-13 19:34:08 +0200
committer	Kees Cook	2016-11-01 16:58:10 +0100
commit	1ff120504f8c322a03fbce035d99e29e741da725 (patch)
tree	08c14543552cc15c4bd918ea0bd062483b6cfeda /usr/initramfs_data.S
parent	samples/seccomp: Fix hostprogs variable (diff)
download	kernel-qcow2-linux-1ff120504f8c322a03fbce035d99e29e741da725.tar.gz kernel-qcow2-linux-1ff120504f8c322a03fbce035d99e29e741da725.tar.xz kernel-qcow2-linux-1ff120504f8c322a03fbce035d99e29e741da725.zip

samples/seccomp: Enable PR_SET_NO_NEW_PRIVS in dropper

Either CAP_SYS_ADMIN or PR_SET_NO_NEW_PRIVS is required to enable seccomp. This allows samples/seccomp/dropper to be run without CAP_SYS_ADMIN. Signed-off-by: Ricky Zhou <rickyz@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org>

Diffstat (limited to 'usr/initramfs_data.S')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: