unshare: drop potential euid privileges before exec

This patch drops potential euid privileges before executing the target program. This allows to setuid unshare. The unshare(1) is still distributed as non-setuid program. Based on patch from Martin Pohlack <mp26@os.inf.tu-dresden.de>. Signed-off-by: Karel Zak <kzak@redhat.com>
author: Karel Zak 2010-05-06 09:59:16 +0200
committer: Karel Zak 2010-05-06 09:59:16 +0200
commit: 3f1be691da4da51d3709ae26d4ad32edf163a195 (patch)
tree: 80aab90dc0aa5b723ff0b1cf9d196d6020410c24 /sys-utils/unshare.1
parent: ionice: non-cryptic error message when ionice can't execvp (diff)
download: kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.tar.gz
kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.tar.xz
kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1
index 31fcfde74..06e4ac205 100644
--- a/sys-utils/unshare.1
+++ b/sys-utils/unshare.1
@@ -47,6 +47,9 @@ Unshare the IPC namespace,
 .TP
 .BR \-n , " \-\-net"
 Unshare the network namespace.
+.SH NOTES
+The unshare command drops potential privileges before executing the
+target program. This allows to setuid unshare.
 .SH SEE ALSO
 unshare(2), clone(2)
 .SH BUGS
author	Karel Zak	2010-05-06 09:59:16 +0200
committer	Karel Zak	2010-05-06 09:59:16 +0200
commit	3f1be691da4da51d3709ae26d4ad32edf163a195 (patch)
tree	80aab90dc0aa5b723ff0b1cf9d196d6020410c24 /sys-utils/unshare.1
parent	ionice: non-cryptic error message when ionice can't execvp (diff)
download	kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.tar.gz kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.tar.xz kernel-qcow2-util-linux-3f1be691da4da51d3709ae26d4ad32edf163a195.zip