Page MenuHomeFreeBSD
Differential D30940

proccontrol(1): implement 'nonewprivs'
ClosedPublic
Actions

Authored by trasz on Jun 29 2021, 4:43 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Oct 20, 10:51 AM
Unknown Object (File)
Sun, Oct 20, 10:51 AM
Unknown Object (File)
Sun, Oct 20, 10:51 AM
Unknown Object (File)
Sun, Oct 20, 10:00 AM
Unknown Object (File)
Fri, Oct 18, 5:18 AM
Unknown Object (File)
Sep 30 2024, 5:28 PM
Unknown Object (File)
Sep 30 2024, 3:34 PM
Unknown Object (File)
Sep 21 2024, 7:01 PM
View All 58 Files
Subscribers
imp
phk

Details

Reviewers
kib
Group Reviewers
manpages
Commits
rGacb1f1269c6f: proccontrol(1): implement 'nonewprivs'
Summary

This adds the 'nonewprivs' mode, corresponding to newly added
procctl(2) commands PROC_NO_NEW_PRIVS_CTL and PROC_NO_NEW_PRIVS_STATUS.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

trasz created this revision.Jun 29 2021, 4:43 PM
Herald added a reviewer: manpages. · View Herald TranscriptJun 29 2021, 4:43 PM
Herald added a subscriber: imp. · View Herald Transcript
trasz requested review of this revision.Jun 29 2021, 4:43 PM
Harbormaster completed remote builds in B40167: Diff 91508.Jun 29 2021, 4:43 PM
trasz added a comment.Jun 29 2021, 4:43 PM

Note that this depends on https://reviews.freebsd.org/D30939.

trasz mentioned this in D30130: Unprivileged chroot.Jun 29 2021, 4:44 PM
kib accepted this revision.Jun 30 2021, 5:27 AM

I wonder if it is better named 'nosetid', both in syscall and there.

This revision is now accepted and ready to land.Jun 30 2021, 5:27 AM
trasz added a comment.Jun 30 2021, 11:48 AM
In D30940#696482, @kib wrote:

I wonder if it is better named 'nosetid', both in syscall and there.

I've been thinking about it - "NO_NEW_PRIVS" is a rather silly name - but IMHO given that we're copying Linux semantics, we ought to also copy the name; it will make it less confusing and easier to grep for.

trasz added a comment.Jul 1 2021, 8:11 PM

(Tinderboxed.)

Closed by commit rGacb1f1269c6f: proccontrol(1): implement 'nonewprivs' (authored by trasz). · Explain WhyJul 2 2021, 7:51 AM
This revision was automatically updated to reflect the committed changes.
trasz added a commit: rGacb1f1269c6f: proccontrol(1): implement 'nonewprivs'.
phk mentioned this in D30939: procctl(2): add PROC_NO_NEW_PRIVS_CTL, PROC_NO_NEW_PRIVS_STATUS.Jul 9 2021, 7:48 AM
phk added a subscriber: phk.

looks good to me

trasz added a comment.Jul 10 2021, 10:41 PM

Thanks :-)

Revision Contents
Changeset List

PathSize
usr.bin/
proccontrol/
5 lines
23 lines

Diff 91650

View Options

usr.bin/proccontrol/proccontrol.1

Loading...
View Options

usr.bin/proccontrol/proccontrol.c

Loading...