mirror of https://github.com/mkerrisk/man-pages
mount.2: document SELinux use of MS_NOSUID mount flag
Using mount flag `MS_NOSUID` also affects SELinux domain transitions but this has not been documented well. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
0c292c5f93
commit
a4173b878c
|
@ -220,7 +220,9 @@ Do not allow programs to be executed from this filesystem.
|
|||
.TP
|
||||
.B MS_NOSUID
|
||||
Do not honor set-user-ID and set-group-ID bits or file capabilities
|
||||
when executing programs from this filesystem.
|
||||
when executing programs from this filesystem. In addition, SELinux domain
|
||||
transitions require permission nosuid_transition, which in turn needs
|
||||
also policy capability nnp_nosuid_transition.
|
||||
.\" (This is a security feature to prevent users executing set-user-ID and
|
||||
.\" set-group-ID programs from removable disk devices.)
|
||||
.TP
|
||||
|
|
Loading…
Reference in New Issue