From: Sebastian Kisela Date: Mon, 29 May 2017 12:17:07 +0000 (+0200) Subject: doc: mention `setpriv --no-new-privs` feature in runcon info X-Git-Tag: v8.28~74 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ebaf8195000d6d3590a2eac13f13b158e325452;p=thirdparty%2Fcoreutils.git doc: mention `setpriv --no-new-privs` feature in runcon info * doc/coreutils.texi (runcon invocation): Mention setpriv usage. Discussed at https://bugzilla.redhat.com/1360903 --- diff --git a/doc/coreutils.texi b/doc/coreutils.texi index 1834e92944..77e993e467 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -16584,7 +16584,14 @@ are interpreted as arguments to the command. With neither @var{context} nor @var{command}, print the current security context. -The program accepts the following options. Also see @ref{Common options}. +@cindex restricted security context +@cindex NO_NEW_PRIVS +Note also the @command{setpriv} command which can be used to set the +NO_NEW_PRIVS bit using @command{setpriv --no-new-privs runcon ...}, +thus disallowing usage of a security context with more privileges +than the process would normally have. + +@command{runcon} accepts the following options. Also see @ref{Common options}. @table @samp
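Review bot: In the added paragraph, `@command{setpriv --no-new-privs runcon ...}` wraps a whole invocation in `@command`, which Texinfo intends for a command name alone. Mark it up as `@samp{setpriv --no-new-privs runcon @dots{}}` or as a short `@example`, and consider `@code{NO_NEW_PRIVS}` for the bit name in the running text. The same sentence says the bit disallows "a security context with more privileges than the process would normally have" but does not say what the user sees when runcon is asked for such a context; one clause describing the resulting failure would make the note actionable. The paragraph also gives no pointer to where setpriv itself is documented, so a reference to its manual page would help readers who only have the coreutils manual.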