Provided by: manpages-dev_6.9.1-1_all

NAME

       PR_SET_NO_NEW_PRIVS - set the calling thread's no_new_privs attribute

LIBRARY

       Standard C library (libc, -lc)

SYNOPSIS

       #include <linux/prctl.h>  /* Definition of PR_* constants */
       #include <sys/prctl.h>

       int prctl(PR_SET_NO_NEW_PRIVS, 1L, 0L, 0L, 0L);

DESCRIPTION

       Set  the  calling thread's no_new_privs attribute.  With no_new_privs set to 1, execve(2) promises not to
       grant privileges to do anything that could not have been done without the execve(2)  call  (for  example,
       rendering the set-user-ID and set-group-ID mode bits, and file capabilities non-functional).

       Once  set,  the  no_new_privs  attribute  cannot be unset.  The setting of this attribute is inherited by
       children created by fork(2) and clone(2), and preserved across execve(2).

RETURN VALUE

       On success, 0 is returned.  On error, -1 is returned, and errno is set to indicate the error.

ERRORS

       EINVAL The second argument is not equal to 1L.

FILES

       /proc/pid/status
              Since Linux 4.10, the value of a thread's no_new_privs attribute can be viewed via the  NoNewPrivs
              field in this file.

STANDARDS

       Linux.

HISTORY

       Linux 3.5.
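
EXAMPLES

       The program below is an added example, not part of the original manual page. It sets the attribute,
       confirms it through the NoNewPrivs field and PR_GET_NO_NEW_PRIVS(2const), shows that an attempt to
       unset it fails with EINVAL, and checks that a fork(2) child inherits it. The helper names
       nnp_from_proc, try_unset_errno and child_nnp are illustrative.

```c
/* Added example; helper names are illustrative, not from the manual page. */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* NoNewPrivs field of /proc/self/status (Linux 4.10+); -1 if unavailable. */
static int nnp_from_proc(void)
{
    char line[256];
    int val = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    while (fgets(line, sizeof(line), f) != NULL)
        if (sscanf(line, "NoNewPrivs: %d", &val) == 1)
            break;
    fclose(f);
    return val;
}

/* Try to clear the attribute; returns the resulting errno (0 if it succeeded). */
static int try_unset_errno(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 0L, 0L, 0L, 0L) == 0 ? 0 : errno;
}

/* Fork and return the child's PR_GET_NO_NEW_PRIVS value (-1 on failure). */
static int child_nnp(void)
{
    int status;
    pid_t pid = fork();
    if (pid == 0)
        _exit(prctl(PR_GET_NO_NEW_PRIVS, 0L, 0L, 0L, 0L) == 1);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("before: NoNewPrivs=%d\n", nnp_from_proc());
    if (prctl(PR_SET_NO_NEW_PRIVS, 1L, 0L, 0L, 0L) != 0) { perror("prctl"); return 1; }
    printf("after:  NoNewPrivs=%d\n", nnp_from_proc());
    printf("unset rejected with EINVAL: %d\n", try_unset_errno() == EINVAL);
    printf("child inherits: %d\n", child_nnp());
    return 0;
}
```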

SEE ALSO

       prctl(2), PR_GET_NO_NEW_PRIVS(2const), seccomp(2)

       For  more  information,  see  the  kernel  source  file  Documentation/userspace-api/no_new_privs.rst (or
       Documentation/prctl/no_new_privs.txt before Linux 4.13).