Message ID | 20240229212050.547864-1-josimmon@redhat.com |
---|---|
State | New |
Headers | show |
Series | manual/tunables - Add entry for enable_secure tunable. | expand |
On 2024-02-29 16:20, Joe Simmons-Talbott wrote: > From: Joe Talbott <joetalbott@gmail.com> > > --- OK with a small nit fix below. Please fix that and push, also posting the updated patch as [committed] to the mailing list. Thanks, Sid Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> > manual/tunables.texi | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/manual/tunables.texi b/manual/tunables.texi > index be97190d67..280d90dd5d 100644 > --- a/manual/tunables.texi > +++ b/manual/tunables.texi > @@ -345,6 +345,16 @@ performance issues of @samp{1}. > The default value of this tunable is @samp{2}. > @end deftp > > +@deftp Tunable glibc.rtld.enable_secure > +Used to run a program as if it were a setuid process. The only valid value > +is @samp{1} as this tunable can only be used to set and not unset > +enable_secure. Setting this tunable to @samp{1} also disables all other @code{enable_secure} > +tunables. This tunable is intended to facilitate more extensive verification > +tests for @code{AT_SECURE} programs and not meant to be a security feature. > + > +The default value of this tunable is @samp{0}. > +@end deftp > + > @node Elision Tunables > @section Elision Tunables > @cindex elision tunables
diff --git a/manual/tunables.texi b/manual/tunables.texi index be97190d67..280d90dd5d 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -345,6 +345,16 @@ performance issues of @samp{1}. The default value of this tunable is @samp{2}. @end deftp +@deftp Tunable glibc.rtld.enable_secure +Used to run a program as if it were a setuid process. The only valid value +is @samp{1} as this tunable can only be used to set and not unset +enable_secure. Setting this tunable to @samp{1} also disables all other +tunables. This tunable is intended to facilitate more extensive verification +tests for @code{AT_SECURE} programs and not meant to be a security feature. + +The default value of this tunable is @samp{0}. +@end deftp + @node Elision Tunables @section Elision Tunables @cindex elision tunables
From: Joe Talbott <joetalbott@gmail.com> --- manual/tunables.texi | 10 ++++++++++ 1 file changed, 10 insertions(+)