typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
typedef struct ExecRuntime ExecRuntime;
+typedef struct ExecParameters ExecParameters;
#include <linux/types.h>
#include <sys/time.h>
#include "util.h"
#include "set.h"
#include "fdset.h"
+#include "missing.h"
+#include "namespace.h"
+#include "bus-endpoint.h"
typedef enum ExecInput {
EXEC_INPUT_NULL,
char **environment;
char **environment_files;
- struct rlimit *rlimit[RLIMIT_NLIMITS];
+ struct rlimit *rlimit[_RLIMIT_MAX];
char *working_directory, *root_directory;
mode_t umask;
nsec_t timer_slack_nsec;
- char *tcpwrap_name;
-
char *tty_path;
bool tty_reset;
bool private_tmp;
bool private_network;
bool private_devices;
+ ProtectSystem protect_system;
+ ProtectHome protect_home;
bool no_new_privileges;
bool nice_set:1;
bool ioprio_set:1;
bool cpu_sched_set:1;
+ bool no_new_privileges_set:1;
+
+ /* custom dbus enpoint */
+ BusEndpoint *bus_endpoint;
};
#include "cgroup.h"
+struct ExecParameters {
+ char **argv;
+ int *fds; unsigned n_fds;
+ char **environment;
+ bool apply_permissions;
+ bool apply_chroot;
+ bool apply_tty_stdin;
+ bool confirm_spawn;
+ bool selinux_context_net;
+ CGroupControllerMask cgroup_supported;
+ const char *cgroup_path;
+ const char *runtime_prefix;
+ const char *unit_id;
+ usec_t watchdog_usec;
+ int *idle_pipe;
+ char *bus_endpoint_path;
+ int bus_endpoint_fd;
+};
+
int exec_spawn(ExecCommand *command,
- char **argv,
- ExecContext *context,
- int fds[], unsigned n_fds,
- char **environment,
- bool apply_permissions,
- bool apply_chroot,
- bool apply_tty_stdin,
- bool confirm_spawn,
- CGroupControllerMask cgroup_mask,
- const char *cgroup_path,
- const char *runtime_prefix,
- const char *unit_id,
- usec_t watchdog_usec,
- int pipe_fd[2],
+ const ExecContext *context,
+ const ExecParameters *exec_params,
ExecRuntime *runtime,
pid_t *ret);