author | Mike Frysinger <vapier@gentoo.org> | 2021-10-21 20:20:58 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2021-10-23 20:54:46 -0400 |
commit | f0d8469ab6f3a4039038bf86cc829e917b596f40 (patch) | |
tree | 25fb9ed1dd03c33514259e3631eb4fc031eef4a1 /headers.h | |
parent | tests: fix lremovexattr typo (diff) | |
sandbox: leverage PR_SET_NO_NEW_PRIVS when available (tag: v2.27)
This will lock down the ability to use set*id programs (like sudo),
and will allow us to utilize seccomp bpf to speed up ptrace.
Closes: https://bugs.gentoo.org/442172
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'headers.h')
-rw-r--r-- | headers.h | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -113,6 +113,9 @@ #ifdef HAVE_SYS_PARAM_H # include <sys/param.h> #endif +#ifdef HAVE_SYS_PRCTL_H +# include <sys/prctl.h> +#endif #ifdef HAVE_SYS_PTRACE_H # include <sys/ptrace.h> #endif |
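Review bot: The new `#ifdef HAVE_SYS_PRCTL_H` guard only establishes that `<sys/prctl.h>` exists, not that it defines `PR_SET_NO_NEW_PRIVS`, so a build against older headers could include the file and still fail at the call site. Since the subject says "when available", the code that calls `prctl()` should also be wrapped in `#ifdef PR_SET_NO_NEW_PRIVS` (or this header should provide a fallback definition after the include). This view is limited to headers.h, so it is also worth confirming that the configure header checks include `sys/prctl.h`; without that, `HAVE_SYS_PRCTL_H` is never defined and the feature is silently compiled out, leaving set*id programs usable inside the sandbox with no warning.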