From a7d2a521f3ad75348fe3e7334f7a2bbfcc631540 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Thu, 5 Nov 2015 10:30:39 +0100
Subject: support dropprivs in execlog/execprog

---
 tools/execprog/execprog.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'tools/execprog')

diff --git a/tools/execprog/execprog.go b/tools/execprog/execprog.go
index d4ff9fffd..234130710 100644
--- a/tools/execprog/execprog.go
+++ b/tools/execprog/execprog.go
@@ -26,6 +26,7 @@ var (
 	flagDebug    = flag.Bool("debug", true, "debug output from executor")
 	flagStrace   = flag.Bool("strace", false, "run executor under strace")
 	flagCover    = flag.String("cover", "", "collect coverage and write to the file")
+	flagNobody   = flag.Bool("nobody", true, "impersonate into nobody")
 	flagDedup    = flag.Bool("dedup", false, "deduplicate coverage in executor")
 	flagTimeout  = flag.Duration("timeout", 5*time.Second, "execution timeout")
 )
@@ -58,6 +59,9 @@ func main() {
 	if *flagDedup {
 		flags |= ipc.FlagDedupCover
 	}
+	if *flagNobody {
+		flags |= ipc.FlagDropPrivs
+	}
 	env, err := ipc.MakeEnv(*flagExecutor, *flagTimeout, flags)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "failed to create execution environment: %v\n", err)
-- 
cgit mrf-deployment