From 43e443cf314f0181bdd958df4333caa1aee086c8 Mon Sep 17 00:00:00 2001
From: Michael Zeller <mike@mikezeller.net>
Date: Wed, 16 Jun 2021 12:30:44 -0400
Subject: OS-8180 lx want support for NoNewPrivs (#317)

Reviewed by: Andy Fiddaman <andy@omnios.org>
Approved by: Dan McDonald <danmcd@joyent.com>
---
 usr/src/uts/common/brand/lx/syscall/lx_prctl.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'usr/src')

diff --git a/usr/src/uts/common/brand/lx/syscall/lx_prctl.c b/usr/src/uts/common/brand/lx/syscall/lx_prctl.c
index a8b3c3422c..24058adf89 100644
--- a/usr/src/uts/common/brand/lx/syscall/lx_prctl.c
+++ b/usr/src/uts/common/brand/lx/syscall/lx_prctl.c
@@ -278,6 +278,16 @@ lx_prctl(int opt, uintptr_t data)
 		return (0);
 	}
 
+	case LX_PR_SET_NO_NEW_PRIVS: {
+		/*
+		 * On recent versions of Linux more services are starting to set
+		 * NoNewPrivs=yes in their systemd unit file. Since we currently
+		 * just return success for LX_PR_CAPBSET_DROP there is currently
+		 * no need to map this to the illumos privileges.
+		 */
+		return (0);
+	}
+
 	default:
 		break;
 	}
-- 
cgit v1.2.3