mount.2: document SELinux use of MS_NOSUID mount flag

Using mount flag `MS_NOSUID` also affects SELinux domain transitions but
this has not been documented well.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Topi Miettinen 2021-06-12 11:51:09 +03:00 committed by Michael Kerrisk
parent 0c292c5f93
commit a4173b878c
1 changed files with 3 additions and 1 deletions

@ -220,7 +220,9 @@ Do not allow programs to be executed from this filesystem.
.TP
.B MS_NOSUID
Do not honor set-user-ID and set-group-ID bits or file capabilities
when executing programs from this filesystem.
when executing programs from this filesystem. In addition, SELinux domain
transitions require permission nosuid_transition, which in turn needs
also policy capability nnp_nosuid_transition.
.\" (This is a security feature to prevent users executing set-user-ID and
.\" set-group-ID programs from removable disk devices.)
.TP
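Review bot: The added sentence under MS_NOSUID starts mid-line ("when executing programs from this filesystem. In addition, SELinux domain"), while man-pages source starts each new sentence on its own line, so break the line after "filesystem." The names nosuid_transition and nnp_nosuid_transition are literal identifiers and should carry font markup (for example .I) rather than appear as plain words. The phrase "which in turn needs also policy capability" reads better as "which in turn also needs the policy capability". The text also does not say what happens to the exec when the permission is absent; a clause stating that outcome would make the security effect of the flag clear to readers.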