Clear environment in way like su(1), but PATH is set to hard-coded
defaults and /etc/login.defs is not used at all (I guess we want to
keep setpriv(1) simple).
If you need anything more advanced than use env(1).
Addresses: https://github.com/karelzak/util-linux/issues/325
Signed-off-by: Karel Zak <kzak@redhat.com>
Use the correct macro (I, B) for the font change of one argument, not
those that are used for alternating two fonts, like "BR", "IR", "RB",
or "RI".
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
When a process uses the syscall `prctl(PR_SET_PDEATHSIG, ...)`, it will
get notified with a process-defined signal as soon as its parent process
dies. This is for example being used by unshare(1)'s recently added
"--kill-child" option, causing the forked child to be killed as soon as
unshare itself dies.
Unfortunately, some LSMs will cause the parent death signal to be reset
when a process changes credentials, with the most important ones being
SELinux and AppArmor. The following command will thus not work as
expected:
unshare --fork --kill-child setpriv --reuid user <executable>
As soon as setpriv changes UID, the parent death signal is cleared and
the child will never get signalled when unshare gets killed.
Add a new option "--pdeathsig keep|clear|<signal>". Setting this flag
will cause us to either
- restore the previously active parent death signal as soon as the
setpriv has applied all credential changes
- clear the parent death signal
- set the parent death signal to "<signal>"
Furthermore, print out the currently set signal when dumping process
state.
[kzak@redhat.com: - small changes in codding style]
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Karel Zak <kzak@redhat.com>
The example given in the man page didn't work. Judging by commit
db663995bd, --inh-caps= used to be called
--caps= but the man page was not updated after the change was made.
Since commit fbd15c4d4 (setpriv: support setting unnamed capabilities,
2017-07-17), it is possible to name capabilities not only by name, but
also by their index. While using the human-readable name is usually
recommended, using the index may be required in case new capabilities
have been introduced to the kernel for which we have no name yet. The
newly introduce format format is not documented inside of setpriv(1),
though, which is being fixed in this commit.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Right now, we do not support modifying the set of ambient capabilities,
which has been introduced quite recently with Linux 4.3. As libcap-ng
does not yet provide any ability to modify this set, we do have to roll
our own support via `prctl`, which is now easy to do due to the
indirections introduced in the preceding commits. We add a new command
line argument "--ambient-caps", which uses the same syntax as both
"--inh-caps" and "--bounding-set" to specify either adding or dropping
capabilities.
This commit also adjusts documentation to mention the newly introduced
ability to modify the ambient capability set.
Based on a patch by Andy Lutomirski.
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Use consistent terminology for set-user-ID and set-group-ID bits.
There's much inconsistency in the pages. "suid",
"set-user-identifier", "setuid". Stick with one terminology,
"set-user-ID" and set-grout-ID, as suggested in man-pages(7).
Signed-off-by: <mtk.man-pages@gmail.com>
This patch does only the following:
* Order SEE ALSO entries first by section name, then alphabetically
within section
* Adds one or two missing commas in SEE ALSO lists
* Removes one or two periods that were (inconsistently) used
at the end of SEE ALSO lists.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
.. and add notes about differences between the utuils.
Reported-by: Lennart Poettering <lennart@poettering.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
Mainly more option sorting, some formatting adjustments, and the adding
of a missing --version here and there.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Also, for renice, adapt the descriptions to the behaviour: the -g,
-p and -u options do not actually need to be followed by any ID.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
The standard format is to seperate each entry with a comma, and
for each one to be on a line by itself. Most util-linux pages
follow this, but a few do not.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This new command can set no_new_privs, uid, gid, groups, securebits,
inheritable caps, the cap bounding set, securebits, and selinux and
apparmor labels.
[kerolasa@iki.fi: a lot of small adjustment making the command to be good
fit to util-linux project]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Karel Zak
Bjarni Ingi Gislason
Patrick Steinhardt
Sam Morris
Sebastian Schrader
Sébastien Helleu
Michael Kerrisk
J William Piggott
Benno Schulenberg
Mike Frysinger
Sami Kerola
Andy Lutomirski