| author | Alejandro Colomar <alx@kernel.org> | 2024-05-29 20:41:30 +0200 |
|---|---|---|
| committer | Alejandro Colomar <alx@kernel.org> | 2024-05-31 01:50:12 +0200 |
| commit | 8d99d47e30a5dec943d6d60efd10697302cc5336 (patch) | |
| tree | aaddd3ffc49b0d2e1196a472f54b88080fa4f64c | |
| parent | 960603dbcc8dac4c4d7acb4aa0ec3457afd0415d (diff) | |
PR_SET_NO_NEW_PRIVS.2const: Tweak after split
Signed-off-by: Alejandro Colomar <alx@kernel.org>
| -rw-r--r-- | man/man2const/PR_SET_NO_NEW_PRIVS.2const | 58 |
1 files changed, 26 insertions, 32 deletions
diff --git a/man/man2const/PR_SET_NO_NEW_PRIVS.2const b/man/man2const/PR_SET_NO_NEW_PRIVS.2const index cc3512593a..08e709eebf 100644 --- a/man/man2const/PR_SET_NO_NEW_PRIVS.2const +++ b/man/man2const/PR_SET_NO_NEW_PRIVS.2const @@ -1,10 +1,9 @@ .\" Copyright 2012, Kees Cook <keescook@chromium.org> .\" Copyright 2012, 2013, 2015, Michael Kerrisk <mtk.manpages@gmail.com> +.\" Copyright 2024, Alejandro Colomar <alx@kernel.org> .\" .\" SPDX-License-Identifier: Linux-man-pages-copyleft .\" -.\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS -.\" .TH PR_SET_NO_NEW_PRIVS 2const (date) "Linux man-pages (unreleased)" .SH NAME PR_SET_NO_NEW_PRIVS @@ -17,15 +16,12 @@ Standard C library .nf .B #include <sys/prctl.h> .P -.BI "int prctl(int " op ", ...);" +.B int prctl(PR_SET_NO_NEW_PRIVS, 1L, 0L, 0L, 0L); .fi .SH DESCRIPTION -.TP -.BR PR_SET_NO_NEW_PRIVS " (since Linux 3.5)" Set the calling thread's .I no_new_privs -attribute to the value in -.IR arg2 . +attribute. With .I no_new_privs set to 1, @@ -36,6 +32,7 @@ that could not have been done without the call (for example, rendering the set-user-ID and set-group-ID mode bits, and file capabilities non-functional). +.P Once set, the .I no_new_privs attribute cannot be unset. @@ -45,24 +42,6 @@ and .BR clone (2), and preserved across .BR execve (2). -.IP -Since Linux 4.10, -the value of a thread's -.I no_new_privs -attribute can be viewed via the -.I NoNewPrivs -field in the -.IR /proc/ pid /status -file. -.IP -For more information, see the kernel source file -.I Documentation/userspace\-api/no_new_privs.rst -.\" commit 40fde647ccb0ae8c11d256d271e24d385eed595b -(or -.I Documentation/prctl/no_new_privs.txt -before Linux 4.13). -See also -.BR seccomp (2). .SH RETURN VALUE On success, 0 is returned. 
@@ -72,15 +51,30 @@ is set to indicate the error. .SH ERRORS .TP .B EINVAL -.I op -is -.B PR_SET_NO_NEW_PRIVS -and -.I arg2 -is not equal to 1. +The second argument +is not equal to +.IR 1L . +.SH FILES +.TP +.IR /proc/ pid /status +Since Linux 4.10, +the value of a thread's +.I no_new_privs +attribute can be viewed via the +.I NoNewPrivs +field in this file. .SH STANDARDS Linux. .SH HISTORY +Linux 3.5. .SH SEE ALSO .BR prctl (2), -.BR PR_GET_NO_NEW_PRIVS (2const) +.BR PR_GET_NO_NEW_PRIVS (2const), +.BR seccomp (2) +.P +For more information, see the kernel source file +.I Documentation/\:userspace\-api/\:no_new_privs.rst +.\" commit 40fde647ccb0ae8c11d256d271e24d385eed595b +(or +.I Documentation/\:prctl/\:no_new_privs.txt +before Linux 4.13). |
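Review bot: The commit message "Tweak after split" does not cover two changes in the header hunk (@@ -1,10 +1,9 @@): the changelog comment `2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS` is removed and a 2024 copyright line is added. A sentence in the commit body naming both would keep the dropped changelog entry findable from the log.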
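Review bot: In the DESCRIPTION part of the second hunk (@@ -17,15 +16,12 @@), dropping "to the value in arg2" leaves the opening sentence as "Set the calling thread's no_new_privs attribute." with no value stated, so the reader has to infer it from the `1L` literal in the new SYNOPSIS line. Consider ending the sentence with "attribute to 1." so it stands alone and agrees with the unchanged "With no_new_privs set to 1," that follows.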
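Review bot: In the ERRORS part of the last hunk (@@ -72,15 +51,30 @@), the EINVAL entry covers only the second argument, while the new SYNOPSIS spells out three further `0L` arguments. If nonzero values there are rejected as well, this entry should say so; as written, a reader cannot tell whether the zeros are required. A smaller style point in the same entry: `.IR 1L .` sets the literal in italics, whereas the SYNOPSIS line gives it in bold via `.B`, so `.BR 1L .` would be consistent.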
