add support for guarding pipestream with NO_NEW_PRIVS

[libi2ncommon] / src / pipestream.hxx

diff --git a/src/pipestream.hxx b/src/pipestream.hxx
index 0aed8a4..e22479b 100644 (file)
--- a/src/pipestream.hxx
+++ b/src/pipestream.hxx
@@ -27,6 +27,7 @@ on this file might be covered by the GNU General Public License.
 #ifndef _PIPESTREAM
 #define _PIPESTREAM
 
+#include <sys/prctl.h>
 #include <stdio.h>
 
 #include <cstring>
@@ -75,6 +76,7 @@ namespace capture_flag {
     static const int collect_err    = 1 << 1;
     static const int search_path    = 1 << 2;
     static const int env_passthru   = 1 << 3;
+    static const int no_new_privs   = 1 << 4;
 
     static const int dflt           = collect_out;
     static const int collect_any    = collect_out | collect_err;