Function capctl::prctl::set_no_new_privs

pub fn set_no_new_privs() -> Result<()>

Enable the no-new-privileges flag on the current thread.

If this flag is enabled, execve() will no longer honor set-user-ID/set-group-ID bits and file capabilities on executables. See prctl(2) for more details.

Once this is enabled, it cannot be unset.