Lines Matching refs:no_new_privs
21 These are all ad-hoc fixes. The ``no_new_privs`` bit (since Linux 3.5) is a
24 can set ``no_new_privs``. Once the bit is set, it is inherited across fork,
25 clone, and execve and cannot be unset. With ``no_new_privs`` set, ``execve()``
32 To set ``no_new_privs``, use::
37 in ``no_new_privs`` mode. (This means that setting up a general-purpose
38 service launcher to set ``no_new_privs`` before execing daemons may
41 Note that ``no_new_privs`` does not prevent privilege changes that do not
45 There are two main use cases for ``no_new_privs`` so far:
50 if ``no_new_privs`` is set.
52 - By itself, ``no_new_privs`` can be used to reduce the attack surface
54 given uid has ``no_new_privs`` set, then that uid will be unable to
57 ``no_new_privs`` bit set first.
60 available to unprivileged tasks if ``no_new_privs`` is set. In principle,
62 ``no_new_privs`` is set, and ``no_new_privs`` + ``chroot`` is considerably less