Commit a4173b87 authored by Topi Miettinen, committed by Michael Kerrisk

mount.2: document SELinux use of MS_NOSUID mount flag



Using mount flag `MS_NOSUID` also affects SELinux domain transitions but
this has not been documented well.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 0c292c5f
......@@ -220,7 +220,9 @@ Do not allow programs to be executed from this filesystem.
.TP
.B MS_NOSUID
Do not honor set-user-ID and set-group-ID bits or file capabilities
when executing programs from this filesystem.
when executing programs from this filesystem. In addition, SELinux domain
transitions require permission nosuid_transition, which in turn needs
also policy capability nnp_nosuid_transition.
.\" (This is a security feature to prevent users executing set-user-ID and
.\" set-group-ID programs from removable disk devices.)
.TP
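Review bot: The sentence added to the MS_NOSUID entry says SELinux domain transitions "require permission nosuid_transition" but does not say what happens to an execve() from such a mount when that permission is not granted (is the transition skipped, or does the call fail?). A reader hardening a system with nosuid mounts needs that outcome stated, along with a pointer to where the permission and the policy capability are described. Two smaller points in the same lines: "In addition," begins in the middle of a source line after "this filesystem.", where the new sentence would be easier to maintain starting on its own line, and "which in turn needs also policy capability" reads better as "which in turn also requires the policy capability". The identifiers nosuid_transition and nnp_nosuid_transition are also left as plain text, while the flag name above them is marked up with .B, so consider giving them font markup as well.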
......