Control: retitle -1 Misleading documentation about NoNewPrivileges and UID
changes
Control: tag -1 + upstream
Hi,
Ansgar Burchardt wrote (31 Jul 2014 09:53:21 GMT) :
It works as intended, but the documentation might be a bit misleading.
NoNewPrivileges only affects the exec syscall which will
Hi again,
Ansgar Burchardt wrote (31 Jul 2014 10:04:52 GMT) :
Oh, and one other thing that might be worth mentioning in this context:
| Be careful, though: LSMs might also not tighten constraints on exec
| in no_new_privs mode. (This means that setting up a general-purpose
| service
