On 29/05/17 05:21, Sebastian Kisela wrote: > From aa522282c81a07391ef9d83aa3ae1868338fca5a Mon Sep 17 00:00:00 2001 > From: Sebastian Kisela <[email protected]> > Date: Mon, 29 May 2017 14:17:07 +0200 > Subject: [PATCH] runcon: mention no-new-privs feature possible through setpriv > > * runcon modify usage info documentation > * References https://bugzilla.redhat.com/1360903 > --- > doc/coreutils.texi | 4 ++++ > gnulib | 2 +- > 2 files changed, 5 insertions(+), 1 deletion(-) > > diff --git a/doc/coreutils.texi b/doc/coreutils.texi > index 1834e92..3b406ae 100644 > --- a/doc/coreutils.texi > +++ b/doc/coreutils.texi > @@ -16586,6 +16586,10 @@ security context. > > The program accepts the following options. Also see @ref{Common options}. > > +Use 'setpriv --no-new-privs runcon ...' to set NO_NEW_PRIVS bit, to disallow > usage of context with more privileges than the process has normally. > + > +The setpriv command is part of the util-linux package and is available from > Linux Kernel Archive (ftp://ftp.kernel.org/pub/linux/utils/util-linux/⟩ > +
Adjusted and applied. http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=v8.27-37-g6ebaf81 > @table @samp > > @item -c > diff --git a/gnulib b/gnulib > index efb8421..8edebfe 160000 > --- a/gnulib > +++ b/gnulib > @@ -1 +1 @@ > -Subproject commit efb84214ac14749188ab8294a52b4e91475c13b6 > +Subproject commit 8edebfe6f97d0e378d042accb2475a32a53f100f Note you needed to do a `git submodule update` after your git pull, to avoid this vestigial local change. thanks, Pádraig
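Review bot: In the doc/coreutils.texi hunk the two new paragraphs are inserted between "The program accepts the following options. Also see @ref{Common options}." and "@table @samp", so that introductory sentence no longer directly precedes the options table it introduces; move the setpriv text above that sentence or below the table. The added text also puts plain quotes around 'setpriv --no-new-privs runcon ...' and gives a bare ftp:// URL in parentheses, where Texinfo markup such as @samp{...}, @command{setpriv} and @url{...} would be consistent with the @ref and @samp markup visible in the surrounding context. The phrase "to disallow usage of context with more privileges than the process has normally" would be clearer if it stated what the process is prevented from doing.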
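Review bot: The gnulib hunk moves the subproject commit from efb84214ac14749188ab8294a52b4e91475c13b6 to 8edebfe6f97d0e378d042accb2475a32a53f100f, a change the commit message does not mention, since it describes only a runcon documentation update. It is also what produces the "gnulib | 2 +-" entry in the diffstat. Drop this hunk so the commit touches only doc/coreutils.texi.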
