oss-sec mailing list archives
Re: seccomp filters without PR_SET_NO_NEW_PRIVS
From: Daniel Micay <danielmicay () gmail com>
Date: Fri, 20 Nov 2015 12:10:57 -0500
On 20/11/15 12:00 PM, Florian Weimer wrote:
> Is there a way on current Linux kernels to install a seccomp filter which is reset on execve and therefore does not require PR_SET_NO_NEW_PRIVS for security reasons? (The filter could restrict to execve if necessary.)

No, there's only the ability to do it with CAP_SYS_ADMIN without PR_SET_NO_NEW_PRIVS.
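
Added example, not part of either message: a small C program that shows the kernel gate the reply refers to, by trying to install a seccomp filter with and without no_new_privs. The allow-everything filter and the helper names (`try_filter`, `has_cap_sys_admin`) are assumptions made for the illustration; each attempt runs in a forked child so the calling process is never filtered.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <linux/capability.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Effective CAP_SYS_ADMIN of this process, read from /proc/self/status. */
static int has_cap_sys_admin(void)
{
    unsigned long long eff = 0;
    char line[256];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &eff) == 1) break;
    fclose(f);
    return (int)((eff >> CAP_SYS_ADMIN) & 1);
}

/* Fork a child, optionally set no_new_privs there, then try to install an
 * allow-everything filter. Returns 0 on success, otherwise the child's errno
 * (or -1 if fork/wait failed). */
static int try_filter(int set_nnp)
{
    struct sock_filter allow[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
    struct sock_fprog prog = { .len = 1, .filter = allow };
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (set_nnp && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) _exit(errno);
        _exit(prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : errno);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int plain = try_filter(0), nnp = try_filter(1);
    printf("CAP_SYS_ADMIN effective: %s\n", has_cap_sys_admin() ? "yes" : "no");
    printf("filter without no_new_privs: %s\n", plain ? strerror(plain) : "installed");
    printf("filter with no_new_privs:    %s\n", nnp ? strerror(nnp) : "installed");
    return 0;
}
```

Run as an unprivileged user, the attempt without no_new_privs fails with EACCES ("Permission denied"); run with CAP_SYS_ADMIN, both attempts succeed.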