Releases: muayyad-alsadi/oneway
bug fixes
NEWS
- handle user does not exist
- report when run as non-privileged user (can't change user)
What is oneway?
A tool to drop privileges in a non-reversible way (e.g. for Docker entry-points).
It uses the Linux kernel system call prctl with PR_SET_NO_NEW_PRIVS to achieve this.
There is no way to gain privileges again, even with setuid binaries.
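The sequence described above, as an added C example (not oneway's own source): look up the target user, switch to it, set no_new_privs, then exec the command in the same process. The names drop_to_user, lock_no_new_privs and the DROP_* codes are hypothetical, and the order of the calls is an assumption, since the page does not show it.

```c
/* Added example, not oneway's source: drop to a user, then lock with no_new_privs. */
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_NO_USER = -1, DROP_NOT_ROOT = -2, DROP_FAILED = -3 };

/* Set no_new_privs and read it back (1 = set); inherited by children, cannot be cleared. */
int lock_no_new_privs(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1UL, 0UL, 0UL, 0UL) != 0)
        return -1;
    return prctl(PR_GET_NO_NEW_PRIVS, 0UL, 0UL, 0UL, 0UL);
}

/* Switch the calling process to `user` (hypothetical helper name). */
int drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return DROP_NO_USER;            /* user does not exist */
    if (geteuid() != 0)
        return DROP_NOT_ROOT;           /* cannot change user when unprivileged */
    /* Order matters: supplementary groups and gid first, uid last. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
        setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return DROP_FAILED;
    /* Verify the drop is permanent: regaining root must fail. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return DROP_FAILED;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    if (argc < 3)
        return 2;                       /* usage: prog USER COMMAND [ARGS...] */
    int rc = drop_to_user(argv[1]);
    if (rc != DROP_OK || lock_no_new_privs() != 1) {
        fprintf(stderr, "privilege drop failed (code %d)\n", rc);
        return 1;
    }
    execvp(argv[2], &argv[2]);          /* replaces this process: no su/sudo parent */
    perror("execvp");
    return 127;
}
```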
First usable release - securely drop privileges
Use it if you want to drop privileges (as in Docker entry-points) but you don't want your process to be a child process of a su or sudo process.
oneway [-n|-N] USER COMMAND ARGUMENTS...
With -n it will call prctl with PR_SET_NO_NEW_PRIVS to disallow future privileges.
initial release
Oneway - a tool to drop privileges for docker entry-points
In your Dockerfile you might use Yelp's dumb-init; in your start.sh, have something like:
exec oneway -n app app /app.sh
Make sure you read README.md.