oss-sec mailing list archives

seccomp filters without PR_SET_NO_NEW_PRIVS


From: Florian Weimer <fweimer () redhat com>
Date: Fri, 20 Nov 2015 18:00:43 +0100

Is there a way on current Linux kernels to install a seccomp filter
which is reset on execve and therefore does not require
PR_SET_NO_NEW_PRIVS for security reasons?  (The filter could restrict to
execve if necessary.)

Florian

