We have 16 bits for things that are on by default and 16 bits that are off by default, that should be sufficient to keep binary compatibility for a while
Mask of flags to apply by default
Drop capabilities
Execute under a Linux Security Module
Set custom LSM label specified in @lsm_label.
TODO: currently unused
Move to cgroup
PR_SET_NO_NEW_PRIVS Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges.
Remount /proc filesystem
Set personality
Set additional group ids specified in @groups.
Allocate new terminal for attached process.
Author
A.P.A. Slaa (a.p.a.slaa@projectsource.nl) ProjectSource V.O.F.
Date
03-07-2024