[linux-user-chroot] Drop use of SECBIT_NOROOT, hard require PR_SET_NO_NEW_PRIVS



commit 123f234aa42e3d57bb13de7206d25108c739e059
Author: Colin Walters <walters verbum org>
Date:   Tue Aug 25 18:23:30 2015 -0400

    Drop use of SECBIT_NOROOT, hard require PR_SET_NO_NEW_PRIVS
    
    So sadly, I screwed up the invocation of `prctl(PR_SET_NO_NEW_PRIVS)` -
    we need to provide 0 for the remaining arguments, otherwise the
    kernel will *always* give us `-EINVAL`.
    
    I didn't notice this at the time because I wanted to support the RHEL6
    kernel.  Anyways, I no longer care about RHEL6 myself, and I'm going
    to declare no one else should either =)

 configure.ac            |    4 ----
 src/linux-user-chroot.c |   21 +++++++--------------
 2 files changed, 7 insertions(+), 18 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index 4910b32..a634c5b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -24,10 +24,6 @@ AC_SUBST(WARN_CFLAGS)
 LT_PREREQ([2.2.4])
 LT_INIT([disable-static])
 
-AC_CHECK_HEADER([linux/securebits.h],
-               [AC_DEFINE([HAVE_LINUX_SECUREBITS_H], [1],
-                [Define to 1 if we have securebits.h])])
-
 AC_ARG_ENABLE(documentation,
               AC_HELP_STRING([--enable-documentation],
                              [build documentation]),,
diff --git a/src/linux-user-chroot.c b/src/linux-user-chroot.c
index 8b8700d..42bbae2 100644
--- a/src/linux-user-chroot.c
+++ b/src/linux-user-chroot.c
@@ -8,7 +8,7 @@
  * distribution, allow privilege escalation.  See the README for more
  * details.
  *
- * Copyright 2011,2012 Colin Walters <walters verbum org>
+ * Copyright 2011,2012,2015 Colin Walters <walters verbum org>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -43,12 +43,6 @@
 #include <sys/syscall.h>
 #include <sys/wait.h>
 #include <sched.h>
-#ifdef HAVE_LINUX_SECUREBITS_H
-#include <linux/securebits.h>
-#else
-#define SECBIT_NOROOT (1 << 0)
-#define SECBIT_NOROOT_LOCKED (1 << 1)
-#endif
 
 #ifndef PR_SET_NO_NEW_PRIVS
 #define PR_SET_NO_NEW_PRIVS    38
@@ -319,16 +313,15 @@ main (int      argc,
        *
        * http://lwn.net/Articles/504879/
        *
-       * If that's not available, we fall back to using SECBIT_NOROOT.
-       *
        * Following the belt-and-suspenders model, we also make a
-       * MS_NOSUID bind mount below.
+       * MS_NOSUID bind mount below.  I don't think this is strictly
+       * necessary, but at least we doubly ensure we're not going to
+       * be executing any setuid binaries from the host's /.  It
+       * doesn't help if there are any other mount points with setuid
+       * binaries, but `PR_SET_NO_NEW_PRIVS` fixes that.
        */
-      if (prctl (PR_SET_NO_NEW_PRIVS, 1) < 0 && errno != EINVAL)
+      if (prctl (PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
         fatal_errno ("prctl (PR_SET_NO_NEW_PRIVS)");
-      else if (prctl (PR_SET_SECUREBITS,
-                 SECBIT_NOROOT | SECBIT_NOROOT_LOCKED) < 0)
-        fatal_errno ("prctl (SECBIT_NOROOT)");
 
       /* This is necessary to undo the damage "sandbox" creates on Fedora
        * by making / a shared mount instead of private.  This isn't
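Review bot: The new call on the `+      if (prctl (PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)` line only checks that the syscall did not fail; since the commit message shows the previous invocation silently returned -EINVAL for years, it would be worth reading the bit back before continuing, because everything below (the MS_NOSUID bind mount, the chroot) is documented as a second layer on top of it. A read-back such as `if (prctl (PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1)` followed by an exit through the file's fatal path (fatal_errno is not right here, since a 0 return does not set errno; I can't see from this hunk whether a non-errno fatal helper exists) would catch a kernel that accepts the call but does not set the flag. PR_GET_NO_NEW_PRIVS would need the same fallback as the existing `#ifndef PR_SET_NO_NEW_PRIVS` block in the include hunk above, i.e. `#define PR_GET_NO_NEW_PRIVS 39`. The enclosing main() starts and ends outside this hunk.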

