coreutils

Re: [PATCH] runcon: add --no-new-privs option


From: Pádraig Brady
Subject: Re: [PATCH] runcon: add --no-new-privs option
Date: Mon, 29 May 2017 12:45:28 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

On 29/05/17 05:21, Sebastian Kisela wrote:
> From aa522282c81a07391ef9d83aa3ae1868338fca5a Mon Sep 17 00:00:00 2001
> From: Sebastian Kisela <address@hidden>
> Date: Mon, 29 May 2017 14:17:07 +0200
> Subject: [PATCH] runcon: mention no-new-privs feature possible through setpriv
> 
> * runcon modify usage info documentation
> * References https://bugzilla.redhat.com/1360903
> ---
>  doc/coreutils.texi | 4 ++++
>  gnulib             | 2 +-
>  2 files changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/doc/coreutils.texi b/doc/coreutils.texi
> index 1834e92..3b406ae 100644
> --- a/doc/coreutils.texi
> +++ b/doc/coreutils.texi
> @@ -16586,6 +16586,10 @@ security context.
>  
>  The program accepts the following options.  Also see @ref{Common options}.
>  
> +Use 'setpriv --no-new-privs runcon ...' to set NO_NEW_PRIVS bit, to disallow 
> usage of context with more privileges than the process has normally.
> +
> +The setpriv command is part of the util-linux package and is available from 
> Linux Kernel Archive (ftp://ftp.kernel.org/pub/linux/utils/util-linux/⟩
> +

Adjusted and applied.
http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.27-37-g6ebaf81

>  @table @samp
>  
>  @item -c
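
Review bot: the two added paragraphs land between "The program accepts the following options." and the @table that sentence introduces, so the sentence no longer leads into the option list; place them before that sentence or after the table. The text also uses plain quotes and a bare URL where Texinfo markup fits (@command{setpriv}, @samp{setpriv --no-new-privs runcon ...}, @url{...}), and the URL opens with "(" but closes with "⟩". "to set NO_NEW_PRIVS bit" needs an article, and "context with more privileges than the process has normally" would be clearer if it said what the bit prevents. Both added lines are long enough that the mailer wrapped them, so rewrap them in the source.
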
> diff --git a/gnulib b/gnulib
> index efb8421..8edebfe 160000
> --- a/gnulib
> +++ b/gnulib
> @@ -1 +1 @@
> -Subproject commit efb84214ac14749188ab8294a52b4e91475c13b6
> +Subproject commit 8edebfe6f97d0e378d042accb2475a32a53f100f
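
Review bot: the commit message describes only a runcon documentation change, yet this hunk moves the gnulib submodule pointer from efb8421 to 8edebfe. Drop it so the commit touches doc/coreutils.texi alone, and send any intended gnulib update as its own commit with its own log entry.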

Note you needed to do a `git submodule update` after your git pull,
to avoid this vestigial local change.

thanks,
Pádraig