From: Topi Miettinen <toiwoton@gmail.com>
Date: Sat, 12 Jun 2021 08:34:36 +0000 (+0300)
Subject: mount.8.adoc: document SELinux use of nosuid mount flag
X-Git-Tag: v2.38-rc1~460^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9a06cc233c876f55d8ee709bb220db8cd99a572e;p=thirdparty%2Futil-linux.git

mount.8.adoc: document SELinux use of nosuid mount flag

Using mount flag `nosuid` also affects SELinux domain transitions but
this has not been documented well.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---

diff --git a/sys-utils/mount.8.adoc b/sys-utils/mount.8.adoc
index 37fb49d878..8e5c443f1a 100644
--- a/sys-utils/mount.8.adoc
+++ b/sys-utils/mount.8.adoc
@@ -568,7 +568,7 @@ Do not use the lazytime feature.
 Honor set-user-ID and set-group-ID bits or file capabilities when executing programs from this filesystem.
 
 *nosuid*::
-Do not honor set-user-ID and set-group-ID bits or file capabilities when executing programs from this filesystem.
+Do not honor set-user-ID and set-group-ID bits or file capabilities when executing programs from this filesystem. In addition, SELinux domain transitions require permission nosuid_transition, which in turn needs also policy capability nnp_nosuid_transition.
 
 *silent*::
 Turn on the silent flag.