proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-27 16:18:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

attach_options: add LXC_ATTACH_NO_NEW_PRIVS

Browse Source 
Add a flag for PR_SET_NO_NEW_PRIVS. It is off by default.

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
This commit is contained in:
Christian Brauner 2016-09-02 18:17:11 +02:00
parent 029cdff582
commit 1325da7eae
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/lxc/attach_options.h
View File

@ -49,6 +49,8 @@ enum {
/* the following are off by default */ /* the following are off by default */
LXC_ATTACH_REMOUNT_PROC_SYS = 0x00010000, //!< Remount /proc filesystem LXC_ATTACH_REMOUNT_PROC_SYS = 0x00010000, //!< Remount /proc filesystem
LXC_ATTACH_LSM_NOW = 0x00020000, //!< FIXME: unknown LXC_ATTACH_LSM_NOW = 0x00020000, //!< FIXME: unknown
/* Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges. */
LXC_ATTACH_NO_NEW_PRIVS = 0x00040000, //!< PR_SET_NO_NEW_PRIVS
/* we have 16 bits for things that are on by default /* we have 16 bits for things that are on by default
* and 16 bits that are off by default, that should * and 16 bits that are off by default, that should