doc: mention setpriv --no-new-privs
feature in runcon info
* doc/coreutils.texi (runcon invocation): Mention setpriv usage. Discussed at https://bugzilla.redhat.com/1360903
parent
6f16afd4a6
commit
8d02212742
33
coreutils-8.27-runcon-doc.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 76be8a7f9eb717b3d47009eb25d39fe7139a2c2d Mon Sep 17 00:00:00 2001
|
||||
From: Sebastian Kisela <skisela@redhat.com>
|
||||
Date: Tue, 30 May 2017 09:29:32 +0200
|
||||
Subject: [PATCH] doc: mention `setpriv --no-new-privs` feature in runcon info
|
||||
|
||||
upstream commit: 6ebaf8195000d6d3590a2eac13f13b158e325452
|
||||
---
|
||||
doc/coreutils.texi | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/doc/coreutils.texi b/doc/coreutils.texi
|
||||
index 68df075..e16e885 100644
|
||||
--- a/doc/coreutils.texi
|
||||
+++ b/doc/coreutils.texi
|
||||
@@ -16583,7 +16583,14 @@ are interpreted as arguments to the command.
|
||||
With neither @var{context} nor @var{command}, print the current
|
||||
security context.
|
||||
|
||||
-The program accepts the following options. Also see @ref{Common options}.
|
||||
+@cindex restricted security context
|
||||
+@cindex NO_NEW_PRIVS
|
||||
+Note also the @command{setpriv} command which can be used to set the
|
||||
+NO_NEW_PRIVS bit using @command{setpriv --no-new-privs runcon ...},
|
||||
+thus disallowing usage of a security context with more privileges
|
||||
+than the process would normally have.
|
||||
+
|
||||
+@command{runcon} accepts the following options. Also see @ref{Common options}.
|
||||
|
||||
@table @samp
|
||||
|
||||
--
|
||||
2.9.4
|
||||
|
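Review bot: In the paragraph added to doc/coreutils.texi, `@command{setpriv --no-new-privs runcon ...}` uses a literal `...` where Texinfo has `@dots{}`, and the text never says what the user sees when the requested context would need more privileges than the process has. Suggest switching to `@dots{}` and adding one clause on the outcome (for example, whether runcon fails with an error), since "thus disallowing usage" leaves that open. The opening "Note also the @command{setpriv} command which can be used to set" would read better as "See also the @command{setpriv} command, which can set". The diffstat (8 insertions, 1 deletion) and the `-16583,7 +16583,14` header agree with the visible lines.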
@ -1,7 +1,7 @@
|
||||
Summary: A set of basic GNU tools commonly used in shell scripts
|
||||
Name: coreutils
|
||||
Version: 8.27
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: GPLv3+
|
||||
Group: System Environment/Base
|
||||
Url: https://www.gnu.org/software/coreutils/
|
||||
@ -22,6 +22,9 @@ Patch2: coreutils-8.27-CVE-2017-7476.patch
|
||||
# tail: revert to polling if a followed directory is replaced (#1283760)
|
||||
Patch3: coreutils-8.27-tail-inotify-recreate.patch
|
||||
|
||||
# doc: mention `setpriv --no-new-privs` feature in runcon info
|
||||
Patch4: coreutils-8.27-runcon-doc.patch
|
||||
|
||||
# disable the test-lock gnulib test prone to deadlock
|
||||
Patch100: coreutils-8.26-test-lock.patch
|
||||
|
||||
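Review bot: Patch4 is declared here, but no hunk in this commit touches %prep, so please confirm the spec applies patches automatically; if it uses explicit per-patch lines, the new doc patch is listed but never applied. Separately, the comment above Patch4 carries no bug reference, while the Patch3 comment just above it ends with "(#1283760)"; the commit message points to bugzilla 1360903, so appending "(#1360903)" would keep the patch list consistent.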
@ -288,6 +291,9 @@ fi
|
||||
%license COPYING
|
||||
|
||||
%changelog
|
||||
* Tue May 30 2017 Sebastian Kisela <skisela@redhat.com> - 8.27-10
|
||||
- doc: mention `setpriv --no-new-privs` feature in runcon info
|
||||
|
||||
* Tue May 16 2017 Kamil Dudka <kdudka@redhat.com> - 8.27-9
|
||||
- add coreutils-full provides for coreutils to make it explicitly installable
|
||||
|
||||
|
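Review bot: The new 8.27-10 changelog entry omits the bug number that the commit message cites (https://bugzilla.redhat.com/1360903). Suggest "- doc: mention `setpriv --no-new-privs` feature in runcon info (#1360903)" so the package changelog links back to the discussion. The release in the entry matches the Release bump from 9 to 10 in the first spec hunk.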