system.set_no_new_privs
Description
Set the no_new_privs attribute for the calling process (i.e. threads are synchronized even on Linux).
Only the master VM is allowed to use this function.
Bugs
There’s a libpsx bug that prevents thread synchronization from working: https://bugzilla.kernel.org/show_bug.cgi?id=218607.
You may use system.seccomp_set_mode_filter() afterwards to synchronize
the no_new_privs bit in all threads.
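
One way to confirm the bit actually reached every thread, given the bug above (an added example, not part of this documentation): on Linux no_new_privs is a per-thread attribute, exposed as the NoNewPrivs field of each thread's procfs status file. The function names are hypothetical, and the script is written in Python so it can audit any process; pass /proc/<pid>/task to inspect a process other than the caller.

```python
"""Added example: audit the per-thread no_new_privs bit via procfs (Linux)."""
import os


def parse_no_new_privs(status_text):
    """Return True/False from a /proc/<pid>/task/<tid>/status body, or None
    if the NoNewPrivs field is absent (kernels older than 4.10)."""
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key == "NoNewPrivs":
            return value.strip() == "1"
    return None


def threads_missing_no_new_privs(task_dir="/proc/self/task"):
    """Return the sorted thread IDs under task_dir whose bit is not set.

    Threads that exit while being scanned are skipped. A thread whose
    status lacks the field is reported, since it cannot be confirmed.
    """
    missing = []
    for tid in os.listdir(task_dir):
        if not tid.isdigit():
            continue
        try:
            with open(os.path.join(task_dir, tid, "status")) as fh:
                state = parse_no_new_privs(fh.read())
        except (FileNotFoundError, ProcessLookupError):
            continue  # thread exited between listdir() and open()/read()
        if state is not True:
            missing.append(int(tid))
    return sorted(missing)


if __name__ == "__main__":
    stragglers = threads_missing_no_new_privs()
    if stragglers:
        print("no_new_privs NOT set in threads:", stragglers)
        raise SystemExit(1)
    print("no_new_privs set in every thread")
```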