Document the error message when no_new_privs is set.

2025-08-22 01:49:11 +00:00 · 2022-01-19 18:53:03 -07:00 · 2022-01-19 18:53:03 -07:00 · 78e74c605e
commit 78e74c605e
parent 17b7ac3460
2 changed files with 29 additions and 0 deletions
--- a/docs/sudo.man.in
+++ b/docs/sudo.man.in
@ -1386,6 +1386,21 @@ environment variable.
 was unable to find a usable temporary directory in which to store its
 intermediate files.
 .TP 6n
+\fRThe\fR \(lqno new privileges\(rq flag is set, which prevents sudo from running as root.
+\fBsudo\fR
+was run by a process that has the Linux
+\(lqno new privileges\(rq
+flag is set.
+This causes the set-user-ID bit to be ignored when running an executable,
+preventing
+\fBsudo\fR
+from functioning.
+The most likely cause for this is running
+\fBsudo\fR
+within a container that sets this flag.
+Check the documentation to see if it is possible to configure the
+container such that the flag is not set.
+.TP 6n
 \fRsudo must be owned by uid 0 and have the setuid bit set\fR
 \fBsudo\fR
 was not run with root privileges.
--- a/docs/sudo.mdoc.in
+++ b/docs/sudo.mdoc.in
@ -1281,6 +1281,20 @@ environment variable.
 .Nm sudoedit
 was unable to find a usable temporary directory in which to store its
 intermediate files.
+.It Li The Do "no new privileges" Dc "flag is set, which prevents sudo from running as root."
+.Nm
+was run by a process that has the Linux
+.Dq no new privileges
+flag is set.
+This causes the set-user-ID bit to be ignored when running an executable,
+preventing
+.Nm
+from functioning.
+The most likely cause for this is running
+.Nm
+within a container that sets this flag.
+Check the documentation to see if it is possible to configure the
+container such that the flag is not set.
 .It Li sudo must be owned by uid 0 and have the setuid bit set
 .Nm
 was not run with root privileges.