From 955e2a0237c7d914fc7561018ebff4970a8b12df Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@canonical.com>
Date: Sat, 3 Sep 2016 15:19:27 +0200
Subject: [PATCH] attach, start: declare PR_{S,G}PR_GET_NO_NEW_PRIVS

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
---
 configure.ac     |  4 ++++
 src/lxc/attach.c | 10 +++++++++-
 src/lxc/start.c  | 10 +++++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 39e313add..dd2ad681c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -593,6 +593,10 @@ AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"])
 # Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP
 AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include <sys/prctl.h>])
 
+# Some systems lack PR_{G,S}ET_NO_NEW_PRIVS definition => HAVE_DECL_PR_{G,S}ET_NO_NEW_PRIVS
+AC_CHECK_DECLS([PR_SET_NO_NEW_PRIVS], [], [], [#include <sys/prctl.h>])
+AC_CHECK_DECLS([PR_GET_NO_NEW_PRIVS], [], [], [#include <sys/prctl.h>])
+
 # Check for some headers
 AC_CHECK_HEADERS([sys/signalfd.h pty.h ifaddrs.h sys/capability.h sys/personality.h utmpx.h sys/timerfd.h])
 
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index ac39fa223..c74141050 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -39,10 +39,18 @@
 #include <linux/unistd.h>
 #include <pwd.h>
 
-#if !HAVE_DECL_PR_CAPBSET_DROP
+#ifndef HAVE_DECL_PR_CAPBSET_DROP
 #define PR_CAPBSET_DROP 24
 #endif
 
+#ifndef HAVE_DECL_PR_SET_NO_NEW_PRIVS
+#define PR_SET_NO_NEW_PRIVS 38
+#endif
+
+#ifndef HAVE_DECL_PR_GET_NO_NEW_PRIVS
+#define PR_GET_NO_NEW_PRIVS 39
+#endif
+
 #include "namespace.h"
 #include "log.h"
 #include "attach.h"
diff --git a/src/lxc/start.c b/src/lxc/start.c
index bcc2e5ee9..ecc7b08f6 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -50,10 +50,18 @@
 #include <sys/capability.h>
 #endif
 
-#if !HAVE_DECL_PR_CAPBSET_DROP
+#ifndef HAVE_DECL_PR_CAPBSET_DROP
 #define PR_CAPBSET_DROP 24
 #endif
 
+#ifndef HAVE_DECL_PR_SET_NO_NEW_PRIVS
+#define PR_SET_NO_NEW_PRIVS 38
+#endif
+
+#ifndef HAVE_DECL_PR_GET_NO_NEW_PRIVS
+#define PR_GET_NO_NEW_PRIVS 39
+#endif
+
 #include "af_unix.h"
 #include "bdev.h"
 #include "caps.h"