maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity

container: unexport PR_SET_NO_NEW_PRIVS wrapper

Browse Source 
This is subtle to use correctly. It also does not make sense as part of the container API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2026-04-10 23:45:51 +09:00
parent 67db3fbb8d
commit ad2c9f36cd
3 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
container/container.go
View File

@@ -307,7 +307,7 @@ func (p *Container) Start() error {
done <- func() error {
// PR_SET_NO_NEW_PRIVS: thread-directed but acts on all processes
// created from the calling thread
if err := SetNoNewPrivs(); err != nil {
if err := setNoNewPrivs(); err != nil {
return &StartError{
Fatal: true,
Step: "prctl(PR_SET_NO_NEW_PRIVS)",