woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disable securebits again to avoid spawned programs unexpectedly retaining capabilities after a UID/GID change

Browse Source
This commit is contained in:
Robert Swiecki 2019-07-01 14:51:32 +02:00
parent 317555b687
commit d10c9fb90d
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
user.cc
View File

@ -276,6 +276,16 @@ bool initNsFromChild(nsjconf_t* nsjconf) {
return false; return false;
} }
/*
* Disable securebits again to avoid spawned programs
* unexpectedly retaining capabilities after a UID/GID
* change.
*/
if (prctl(PR_SET_SECUREBITS, 0UL, 0UL, 0UL, 0UL) == -1) {
PLOG_E("prctl(PR_SET_SECUREBITS, 0)");
return false;
}
return true; return true;
} }