From 0648bb70a9da1f9fee2919861d535dc74afef8df Mon Sep 17 00:00:00 2001
From: Derek Dai <daiderek@gmail.com>
Date: Wed, 10 May 2017 14:21:32 +0800
Subject: [PATCH] miracle-dispd: set no new priviledge flag before exec encoder

Change-Id: I1b7f18a704203fc60a35b67f09936095ae6398f0
---
 src/disp/dispd-encoder.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/disp/dispd-encoder.c b/src/disp/dispd-encoder.c
index 29183d7..53c8ca3 100644
--- a/src/disp/dispd-encoder.c
+++ b/src/disp/dispd-encoder.c
@@ -18,6 +18,7 @@
  */
 #include <systemd/sd-event.h>
 #include <systemd/sd-bus.h>
+#include <sys/prctl.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <errno.h>
@@ -103,6 +104,12 @@ static void dispd_encoder_exec(const char *cmd, int fd, struct wfd_session *s)
 		goto error;
 	}
 
+	r = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+	if(0 > r) {
+		log_vERRNO();
+		goto error;
+	}
+
 	r = execvpe(cmd,
 					(char *[]){ (char *) cmd, NULL },
 					(char *[]){ disp,