PR_SET_NO_NEW_PRIVS(2const) — Linux manual page


PR_SET_NO_NEW_PRIVS(2const)                  PR_SET_NO_NEW_PRIVS(2const)

NAME

       PR_SET_NO_NEW_PRIVS - set the calling thread's no_new_privs
       attribute

LIBRARY

       Standard C library (libc, -lc)

SYNOPSIS

       #include <linux/prctl.h>  /* Definition of PR_* constants */
       #include <sys/prctl.h>

       int prctl(PR_SET_NO_NEW_PRIVS, 1L, 0L, 0L, 0L);

DESCRIPTION

       Set the calling thread's no_new_privs attribute.  With
       no_new_privs set to 1, execve(2) promises not to grant privileges
       to do anything that could not have been done without the
       execve(2) call (for example, rendering the set-user-ID and set-
       group-ID mode bits, and file capabilities non-functional).

       Once set, the no_new_privs attribute cannot be unset.  The
       setting of this attribute is inherited by children created by
       fork(2) and clone(2), and preserved across execve(2).

RETURN VALUE

       On success, 0 is returned.  On error, -1 is returned, and errno
       is set to indicate the error.

ERRORS

       EINVAL The second argument is not equal to 1L.

FILES

       /proc/pid/status
              Since Linux 4.10, the value of a thread's no_new_privs
              attribute can be viewed via the NoNewPrivs field in this
              file.

STANDARDS

       Linux.

HISTORY

       Linux 3.5.

SEE ALSO

       prctl(2), PR_GET_NO_NEW_PRIVS(2const), seccomp(2)

       For more information, see the kernel source file Documentation/
       userspace-api/no_new_privs.rst (or Documentation/prctl/
       no_new_privs.txt before Linux 4.13).

COLOPHON

       This page is part of the man-pages (Linux kernel and C library
       user-space interface documentation) project.  Information about
       the project can be found at 
       ⟨https://www.kernel.org/doc/man-pages/⟩.  If you have a bug report
       for this manual page, see
       ⟨https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING⟩.
       This page was obtained from the tarball man-pages-6.9.1.tar.gz
       fetched from
       ⟨https://mirrors.edge.kernel.org/pub/linux/docs/man-pages/⟩ on
       2024-06-26.  If you discover any rendering problems in this HTML
       version of the page, or you believe there is a better or more up-
       to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not
       part of the original manual page), send a mail to
       man-pages@man7.org

Linux man-pages 6.9.1          2024-06-01    PR_SET_NO_NEW_PRIVS(2const)

Pages that refer to this page: prctl(2), PR_GET_NO_NEW_PRIVS(2const), PR_SET_SECCOMP(2const)