typedef struct ExecStatus ExecStatus;
typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
+typedef struct ExecRuntime ExecRuntime;
#include <linux/types.h>
#include <sys/time.h>
#include <stdio.h>
#include <sched.h>
-struct CGroupBonding;
-struct CGroupAttribute;
-
-typedef struct Unit Unit;
-
#include "list.h"
#include "util.h"
+#include "set.h"
+#include "fdset.h"
+#include "missing.h"
typedef enum ExecInput {
EXEC_INPUT_NULL,
bool ignore;
};
+struct ExecRuntime {
+ int n_ref;
+
+ char *tmp_dir;
+ char *var_tmp_dir;
+
+ int netns_storage_socket[2];
+};
+
struct ExecContext {
char **environment;
char **environment_files;
- struct rlimit *rlimit[RLIMIT_NLIMITS];
+ struct rlimit *rlimit[_RLIMIT_MAX];
char *working_directory, *root_directory;
mode_t umask;
nsec_t timer_slack_nsec;
- char *tcpwrap_name;
-
char *tty_path;
bool tty_reset;
char *utmp_id;
+ bool selinux_context_ignore;
+ char *selinux_context;
+
+ bool apparmor_profile_ignore;
+ char *apparmor_profile;
+
char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
unsigned long mount_flags;
bool non_blocking;
bool private_tmp;
bool private_network;
- char *tmp_dir;
- char *var_tmp_dir;
+ bool private_devices;
bool no_new_privileges;
- bool control_group_modify;
- int control_group_persistent;
-
/* This is not exposed to the user but available
* internally. We need it to make sure that whenever we spawn
* /bin/mount it is run in the same process group as us so
* don't enter a trigger loop. */
bool same_pgrp;
- uint32_t *syscall_filter;
+ unsigned long personality;
+
+ Set *syscall_filter;
+ Set *syscall_archs;
+ int syscall_errno;
+ bool syscall_whitelist:1;
+
+ Set *address_families;
+ bool address_families_whitelist:1;
+
+ char **runtime_directory;
+ mode_t runtime_directory_mode;
bool oom_score_adjust_set:1;
bool nice_set:1;
bool ioprio_set:1;
bool cpu_sched_set:1;
+ bool no_new_privileges_set:1;
};
+#include "cgroup.h"
+
int exec_spawn(ExecCommand *command,
char **argv,
ExecContext *context,
bool apply_chroot,
bool apply_tty_stdin,
bool confirm_spawn,
- struct CGroupBonding *cgroup_bondings,
- struct CGroupAttribute *cgroup_attributes,
- const char *cgroup_suffix,
+ CGroupControllerMask cgroup_mask,
+ const char *cgroup_path,
+ const char *runtime_prefix,
const char *unit_id,
+ usec_t watchdog_usec,
int pipe_fd[2],
+ ExecRuntime *runtime,
pid_t *ret);
void exec_command_done(ExecCommand *c);
int exec_command_set(ExecCommand *c, const char *path, ...);
void exec_context_init(ExecContext *c);
-void exec_context_done(ExecContext *c, bool reloading_or_reexecuting);
-void exec_context_tmp_dirs_done(ExecContext *c);
+void exec_context_done(ExecContext *c);
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);
-void exec_context_tty_reset(const ExecContext *context);
+
+int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root);
int exec_context_load_environment(const ExecContext *c, char ***l);
bool exec_context_may_touch_console(ExecContext *c);
-void exec_context_serialize(const ExecContext *c, Unit *u, FILE *f);
void exec_status_start(ExecStatus *s, pid_t pid);
void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status);
void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix);
-const char* exec_output_to_string(ExecOutput i);
-ExecOutput exec_output_from_string(const char *s);
+int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id);
+ExecRuntime *exec_runtime_ref(ExecRuntime *r);
+ExecRuntime *exec_runtime_unref(ExecRuntime *r);
+
+int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds);
+int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds);
+
+void exec_runtime_destroy(ExecRuntime *rt);
+
+const char* exec_output_to_string(ExecOutput i) _const_;
+ExecOutput exec_output_from_string(const char *s) _pure_;
-const char* exec_input_to_string(ExecInput i);
-ExecInput exec_input_from_string(const char *s);
+const char* exec_input_to_string(ExecInput i) _const_;
+ExecInput exec_input_from_string(const char *s) _pure_;