From: Alessandro Puccetti
Date: Wed, 6 Jul 2016 07:48:58 +0000 (+0200)
Subject: namespace: unify limit behavior on non-directory paths
X-Git-Tag: v231.3~79
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;ds=sidebyside;h=eeeff96fedd10487ca12e246832475090b245d36;hp=91234e9678a03a52f0dccfcd4b24f561d3612d54;p=elogind.git

namespace: unify limit behavior on non-directory paths

Despite the name, `Read{Write,Only}Directories=` already allows for regular file paths to be masked. This commit adds the same behavior to `InaccessibleDirectories=` and makes it explicit in the doc. This patch introduces `/run/elogind/inaccessible/{reg,dir,chr,blk,fifo,sock}` {file,device} nodes and mounts on the appropriate one the paths specified in `InaccessibleDirectories=`.

Based on Luca's patch from https://github.com/elogind/elogind/pull/3327
---
diff --git a/src/basic/mount-util.h b/src/basic/mount-util.h index 237bd4711..9ed5b284c 100644 --- a/src/basic/mount-util.h +++ b/src/basic/mount-util.h @@ -53,4 +53,6 @@ union file_handle_union { char padding[sizeof(struct file_handle) + MAX_HANDLE_SZ]; }; +const char* mode_to_inaccessible_node(mode_t mode); + #define FILE_HANDLE_INIT { .handle.handle_bytes = MAX_HANDLE_SZ }
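
Review bot: The new prototype `const char* mode_to_inaccessible_node(mode_t mode);` in src/basic/mount-util.h has no comment stating what it returns for a file type outside the six nodes the commit message lists (reg, dir, chr, blk, fifo, sock), for example a symlink mode. Since callers use the result as the mount source that masks a path, the header should say whether the function returns NULL in that case so that every caller checks for it and fails the setup instead of leaving the path accessible. Separately, the declaration is placed between `union file_handle_union` and the `FILE_HANDLE_INIT` macro that initializes that union; moving it below the macro, next to the header's other function declarations, keeps the two related definitions adjacent.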