Page MenuHomeFreeBSD
Differential D30940

proccontrol(1): implement 'nonewprivs'
ClosedPublic
Actions

Authored by trasz on Jun 29 2021, 4:43 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 11, 8:35 AM
Unknown Object (File)
Mon, Nov 10, 9:30 PM
Unknown Object (File)
Sat, Nov 8, 4:34 AM
Unknown Object (File)
Thu, Nov 6, 10:09 PM
Unknown Object (File)
Sun, Oct 26, 8:31 PM
Unknown Object (File)
Sun, Oct 26, 7:32 PM
Unknown Object (File)
Sun, Oct 26, 7:29 PM
Unknown Object (File)
Oct 9 2025, 6:47 AM
View All Files
Subscribers
imp
phk

Details

Reviewers
kib
Group Reviewers
manpages
Commits
rGacb1f1269c6f: proccontrol(1): implement 'nonewprivs'
Summary

This adds the 'nonewprivs' mode, corresponding to newly added
procctl(2) commands PROC_NO_NEW_PRIVS_CTL and PROC_NO_NEW_PRIVS_STATUS.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 40167
Build 37056: arc lint + arc unit

Event Timeline

trasz created this revision.Jun 29 2021, 4:43 PM
Herald added a reviewer: manpages. · View Herald TranscriptJun 29 2021, 4:43 PM
Herald added a subscriber: imp. · View Herald Transcript
trasz requested review of this revision.Jun 29 2021, 4:43 PM
Harbormaster completed remote builds in B40167: Diff 91508.Jun 29 2021, 4:43 PM
trasz added a comment.Jun 29 2021, 4:43 PM

Note that this depends on https://reviews.freebsd.org/D30939.

trasz mentioned this in D30130: Unprivileged chroot.Jun 29 2021, 4:44 PM
kib accepted this revision.Jun 30 2021, 5:27 AM

I wonder if it is better named 'nosetid', both in syscall and there.

This revision is now accepted and ready to land.Jun 30 2021, 5:27 AM
trasz added a comment.Jun 30 2021, 11:48 AM
In D30940#696482, @kib wrote:

I wonder if it is better named 'nosetid', both in syscall and there.

I've been thinking about it - "NO_NEW_PRIVS" is a rather silly name - but IMHO given that we're copying Linux semantics, we ought to also copy the name; it will make it less confusing and easier to grep for.

trasz added a comment.Jul 1 2021, 8:11 PM

(Tinderboxed.)

Closed by commit rGacb1f1269c6f: proccontrol(1): implement 'nonewprivs' (authored by trasz). · Explain WhyJul 2 2021, 7:51 AM
This revision was automatically updated to reflect the committed changes.
trasz added a commit: rGacb1f1269c6f: proccontrol(1): implement 'nonewprivs'.
phk mentioned this in D30939: procctl(2): add PROC_NO_NEW_PRIVS_CTL, PROC_NO_NEW_PRIVS_STATUS.Jul 9 2021, 7:48 AM
phk added a subscriber: phk.

looks good to me

trasz added a comment.Jul 10 2021, 10:41 PM

Thanks :-)

emaste mentioned this in D51702: kernel: Allow unprivileged chroot by default.Aug 2 2025, 4:41 PM

Revision Contents
Changeset List

PathSize
usr.bin/
proccontrol/
3 lines
23 lines

Diff 91508

View Options

usr.bin/proccontrol/proccontrol.1

Loading...
View Options

usr.bin/proccontrol/proccontrol.c

Loading...