[minijail] document use of NO_NEW_PRIVS TEST=None BUG=None Change-Id: If95c0aea1f9dcc2f1c990678b4e85289afc841cf Signed-off-by: Elly Jones <ellyjones@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/28818 Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

commit: 1c888ae015df417adcebb78035360cac94c21da2 [log] [tgz]
author: Elly Jones <ellyjones@chromium.org> Tue Jul 31 12:23:47 2012 -0400
committer: Gerrit <chrome-bot@google.com> Tue Jul 31 10:26:56 2012 -0700
tree: ddf4f0a3d4b74bc92bb973d2175a6ba929c7e943
parent: 6135db98e6bed85a8940c4a3eac366d6e1b56776 [diff] [blame]
diff --git a/libminijail.c b/libminijail.c
index 51a5300..cbd31f2 100644
--- a/libminijail.c
+++ b/libminijail.c

@@ -642,8 +642,9 @@
 	}
 
 	/*
-	 * Set no_new_privs before installing seccomp filter.
-	 * TODO(jorgelo): document call to PR_SET_NO_NEW_PRIVS.
+	 * Set no_new_privs before installing seccomp filter. See
+	 * </kernel/seccomp.c> and </kernel/sys.c> in the kernel source tree for
+	 * an explanation of the parameters.
 	 */
 	if (j->flags.no_new_privs) {
 		if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
commit	1c888ae015df417adcebb78035360cac94c21da2	[log] [tgz]
author	Elly Jones <ellyjones@chromium.org>	Tue Jul 31 12:23:47 2012 -0400
committer	Gerrit <chrome-bot@google.com>	Tue Jul 31 10:26:56 2012 -0700
tree	ddf4f0a3d4b74bc92bb973d2175a6ba929c7e943
parent	6135db98e6bed85a8940c4a3eac366d6e1b56776 [diff] [blame]