Searched refs:no_new_privs (Results 1 – 6 of 6) sorted by relevance

/openbmc/linux/Documentation/translations/zh_CN/userspace-api/
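no_new_privs.rst
4 :Original: Documentation/userspace-api/no_new_privs.rst
25 These are all ad-hoc fixes. The ``no_new_privs`` bit (since Linux 3.5) is a new
27 set ``no_new_privs``. Once the bit is set, it is inherited across fork, clone, and execve
28 and cannot be unset. With ``no_new_privs`` set, ``execve()`` promises
33 To set ``no_new_privs``, use::
37 Be careful, though: Linux Security Modules (LSMs) might also not tighten constraints in ``no_new_privs`` mode.
38 (This means that a general-purpose service launcher that sets ``no_new_privs`` before executing daemons may
44 There are two main use cases for ``no_new_privs`` so far:
47 Unprivileged users are therefore only allowed to install such filters if ``no_new_privs`` is set.
49 - By itself, ``no_new_privs`` can be used to reduce the attack surface available to unprivileged users. If everything under a given uid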
index.rst
27 no_new_privs
/openbmc/linux/Documentation/userspace-api/
no_new_privs.rst
21 These are all ad-hoc fixes. The ``no_new_privs`` bit (since Linux 3.5) is a
32 To set ``no_new_privs``, use::
37 in ``no_new_privs`` mode. (This means that setting up a general-purpose
38 service launcher to set ``no_new_privs`` before execing daemons may
41 Note that ``no_new_privs`` does not prevent privilege changes that do not
45 There are two main use cases for ``no_new_privs`` so far:
50 if ``no_new_privs`` is set.
52 - By itself, ``no_new_privs`` can be used to reduce the attack surface
54 given uid has ``no_new_privs`` set, then that uid will be unable to
57 ``no_new_privs`` bit set first.
index.rst
19 no_new_privs
/openbmc/linux/include/linux/
sched.h
1820 TASK_PFA_TEST(NO_NEW_PRIVS, no_new_privs) in TASK_PFA_TEST() argument
1821 TASK_PFA_SET(NO_NEW_PRIVS, no_new_privs) in TASK_PFA_TEST()
/openbmc/linux/Documentation/filesystems/
proc.rst
297 NoNewPrivs no_new_privs, like prctl(PR_GET_NO_NEW_PRIV, ...)