git.ipfire.org Git - thirdparty/coreutils.git/commitdiff
doc: mention `setpriv --no-new-privs` feature in runcon info
author Sebastian Kisela <skisela@redhat.com>
Mon, 29 May 2017 12:17:07 +0000 (14:17 +0200)
committer Pádraig Brady <P@draigBrady.com>
Mon, 29 May 2017 19:42:00 +0000 (12:42 -0700)
* doc/coreutils.texi (runcon invocation): Mention setpriv usage.
Discussed at https://bugzilla.redhat.com/1360903

doc/coreutils.texi

index 1834e92944818b71fc7df639ab185e86b6a853f9..77e993e467f58fce4b2ac424ad64b41ead9b6667 100644 (file)
@@ -16584,7 +16584,14 @@ are interpreted as arguments to the command.
 With neither @var{context} nor @var{command}, print the current
 security context.
 
-The program accepts the following options.  Also see @ref{Common options}.
+@cindex restricted security context
+@cindex NO_NEW_PRIVS
+Note also the @command{setpriv} command which can be used to set the
+NO_NEW_PRIVS bit using @command{setpriv --no-new-privs runcon ...},
+thus disallowing usage of a security context with more privileges
+than the process would normally have.
+
+@command{runcon} accepts the following options.  Also see @ref{Common options}.
 
 @table @samp
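
Review bot: In the added paragraph, `@command{setpriv --no-new-privs runcon ...}` wraps a whole command line, with an option and an operand, in @command, which Texinfo intends for a bare command name. I would write it as `@samp{setpriv --no-new-privs runcon @dots{}}` so the ellipsis also renders properly, and mark the bit name in the running text as `@code{NO_NEW_PRIVS}` to match the new @cindex entry. The closing clause "a security context with more privileges than the process would normally have" is also loose: it would read more precisely if it said what the comparison is against, for example the context the process is running in before the transition.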