From 3f1be691da4da51d3709ae26d4ad32edf163a195 Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Thu, 6 May 2010 09:59:16 +0200
Subject: unshare: drop potential euid privileges before exec

This patch drops potential euid privileges before executing the target
program. This allows to setuid unshare.

The unshare(1) is still distributed as non-setuid program.

Based on patch from Martin Pohlack <mp26@os.inf.tu-dresden.de>.

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 sys-utils/unshare.1 | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'sys-utils/unshare.1')

diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1
index 31fcfde74..06e4ac205 100644
--- a/sys-utils/unshare.1
+++ b/sys-utils/unshare.1
@@ -47,6 +47,9 @@ Unshare the IPC namespace,
 .TP
 .BR \-n , " \-\-net"
 Unshare the network namespace.
+.SH NOTES
+The unshare command drops potential privileges before executing the
+target program. This allows to setuid unshare.
 .SH SEE ALSO
 unshare(2), clone(2)
 .SH BUGS
-- 
cgit v1.2.3-55-g7522