Re: seccomp filters without PR_SET_NO_NEW_PRIVS

[Daniel Micay <danielmicay () gmail com>]

On 20/11/15 12:00 PM, Florian Weimer wrote:
> Is there a way on current Linux kernels to install a seccomp filter
> which is reset on execve and therefore does not require
> PR_SET_NO_NEW_PRIVS for security reasons?  (The filter could restrict to
> execve if necessary.)

No, there's only the ability to do it with CAP_SYS_ADMIN without
PR_SET_NO_NEW_PRIVS.

Attachment: signature.asc
Description: OpenPGP digital signature