mirror of https://github.com/mkerrisk/man-pages
mount.2: document SELinux use of MS_NOSUID mount flag
Using mount flag `MS_NOSUID` also affects SELinux domain transitions but this has not been documented well. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
0c292c5f93
commit
a4173b878c
|
@ -220,7 +220,9 @@ Do not allow programs to be executed from this filesystem.
|
||||||
.TP
|
.TP
|
||||||
.B MS_NOSUID
|
.B MS_NOSUID
|
||||||
Do not honor set-user-ID and set-group-ID bits or file capabilities
|
Do not honor set-user-ID and set-group-ID bits or file capabilities
|
||||||
when executing programs from this filesystem.
|
when executing programs from this filesystem. In addition, SELinux domain
|
||||||
|
transitions require permission nosuid_transition, which in turn needs
|
||||||
|
also policy capability nnp_nosuid_transition.
|
||||||
.\" (This is a security feature to prevent users executing set-user-ID and
|
.\" (This is a security feature to prevent users executing set-user-ID and
|
||||||
.\" set-group-ID programs from removable disk devices.)
|
.\" set-group-ID programs from removable disk devices.)
|
||||||
.TP
|
.TP
|
||||||
|
|
Loading…
Reference in New Issue