Files · 6ce8e67825258fe8a38b057b1459a4f35e4b39bb · Chen Yisong / lxc

attach: set no_new_privs flag after LSM label · 6ce8e678

authored Jun 30, 2020

In `start.c:1284`, no_new_privs flag is set after LSM label is set.
Also, in `lxc.container.conf` documentation it is written that:
```
Note that PR_SET_NO_NEW_PRIVS is applied after the container has
changed into its intended AppArmor profile or SElinux context.
```
This commit fixes the behavior of `lxc_attach` by moving
`PR_SET_NO_NEW_PRIVS` set logic after LSM for the process is configured;

Closes #3393
Signed-off-by: Alexander Livenets <a.livenets@gmail.com>

6ce8e678

Name	Last commit	Last update
.github		Loading commit data...
coccinelle		Loading commit data...
config		Loading commit data...
doc		Loading commit data...
hooks		Loading commit data...
src		Loading commit data...
templates		Loading commit data...
.gitignore		Loading commit data...
.travis.yml		Loading commit data...
AUTHORS		Loading commit data...
CODING_STYLE.md		Loading commit data...
CONTRIBUTING		Loading commit data...
INSTALL		Loading commit data...
LICENSE.GPL2		Loading commit data...
LICENSE.LGPL2.1		Loading commit data...
MAINTAINERS		Loading commit data...
Makefile.am		Loading commit data...
NEWS		Loading commit data...
README		Loading commit data...
README.md		Loading commit data...
autogen.sh		Loading commit data...
configure.ac		Loading commit data...
lxc.pc.in		Loading commit data...
lxc.spec.in		Loading commit data...

README.md