From eeeff96fedd10487ca12e246832475090b245d36 Mon Sep 17 00:00:00 2001 From: Alessandro Puccetti Date: Wed, 6 Jul 2016 09:48:58 +0200 Subject: [PATCH] namespace: unify limit behavior on non-directory paths Despite the name, `Read{Write,Only}Directories=` already allows for regular file paths to be masked. This commit adds the same behavior to `InaccessibleDirectories=` and makes it explicit in the doc. This patch introduces `/run/elogind/inaccessible/{reg,dir,chr,blk,fifo,sock}` {file,device}nodes and mounts on the appropriate one the paths specified in `InaccessibleDirectories=`. Based on Luca's patch from https://github.com/elogind/elogind/pull/3327 --- src/basic/mount-util.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/basic/mount-util.h b/src/basic/mount-util.h index 237bd4711..9ed5b284c 100644 --- a/src/basic/mount-util.h +++ b/src/basic/mount-util.h @@ -53,4 +53,6 @@ union file_handle_union { char padding[sizeof(struct file_handle) + MAX_HANDLE_SZ]; }; +const char* mode_to_inaccessible_node(mode_t mode); + #define FILE_HANDLE_INIT { .handle.handle_bytes = MAX_HANDLE_SZ } -- 2.30.2
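
Review bot: the new prototype `const char* mode_to_inaccessible_node(mode_t mode);` in the `@@ -53,4 +53,6 @@` hunk carries no comment on what it returns when `mode` is not one of the six types the commit message names (reg, dir, chr, blk, fifo, sock), for example a symlink; please document whether callers get NULL there and are expected to handle it. The declaration also lands between `union file_handle_union` and its `FILE_HANDLE_INIT` initializer, so placing it below the `#define` would keep those two together. The diffstat lists only this header (1 file changed, 2 insertions), so neither the function's definition nor the creation of the `/run/elogind/inaccessible/` nodes described in the commit message is part of this patch; it is worth confirming that both arrive elsewhere in the series.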