NoNewPrivileges setting
The property NoNewPrivileges is a systemd unit setting used for sandboxing. It is available since systemd 187.
Purpose: prevent processes from gaining new privileges
Why and when to use NoNewPrivileges
The systemd unit setting NoNewPrivileges prevents processes and its children of obtaining new privileges. Normally this is possible via execve(2), a syscall that executes a program and when filesystem capabilities provide new privileges. Another option is obtaining this via setgid and setuid bits on files.
Configuration options of NoNewPrivileges
When this unit setting is set to ‘yes’, the process and child processes will be denied the possibility to get additional privileges.
Generic advice
Most services can be configured with NoNewPrivileges=yes.
Values
Systemd unit setting NoNewPrivileges expects a boolean (yes/no or true/false).
Value | Intended action | Available since systemd version |
---|---|---|
no | processes may obtain new privileges - default | |
yes | processes are restricted and can't gain new privileges |
Example to show the current value of NoNewPrivileges for the ssh service:
systemctl show --property=NoNewPrivileges ssh.serviceRelated hardening profiles
The systemd unit setting NoNewPrivileges is used in the following hardening profiles.