NEWS

handle user does not exist
report when run as non-privileged user (can't change user)

What is one way?

A tool to drop privileges in a non-reversible way (ex. for docker entry-points)
It uses Linux kernel system call prctl with PR_SET_NO_NEW_PRIVS to achieve this

There is no way to gain privileges again, even with setuid binaries

Assets 4

19 Oct 20:19

muayyad-alsadi

v0.2

c684bba

First usable release - securely drop privileges

If you want to drop privileges (as in Docker entry-points) but you don't want your process to be child process of su or sudo process.

oneway [-n|-N] USER COMMAND ARGUMENTS...

with -n it will call prctl with PR_SET_NO_NEW_PRIVS to disallow future privileges

Assets 4

06 Sep 07:41

muayyad-alsadi

v0.1

104506a

initial release

Oneway - a tool to drop privileges for docker entry-points

In your Dockerfile you might use Yelp's dumb-init

in your start.sh have something like

exec oneway -n app app /app.sh

make sure your read README.md

Assets 3

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

NEWS

What is one way?

Oneway - a tool to drop privileges for docker entry-points

Navigation Menu

Releases: muayyad-alsadi/oneway

bug fixes

NEWS

What is one way?

First usable release - securely drop privileges

initial release

Oneway - a tool to drop privileges for docker entry-points