execute: support syscall filtering using seccomp filters

[elogind.git] / src / core / execute.h

diff --git a/src/core/execute.h b/src/core/execute.h
index 03c63d465a10950636264b060f9502635d11e0c3..187165cdc26b1c113bdd679495de1f8e43aec528 100644 (file)
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -118,7 +118,7 @@ struct ExecContext {
         ExecOutput std_output;
         ExecOutput std_error;
 
-        unsigned long timer_slack_nsec;
+        nsec_t timer_slack_nsec;
 
         char *tcpwrap_name;
 
@@ -164,6 +164,8 @@ struct ExecContext {
         bool private_tmp;
         bool private_network;
 
+        bool no_new_privileges;
+
         bool control_group_modify;
         int control_group_persistent;
 
@@ -174,11 +176,12 @@ struct ExecContext {
          * don't enter a trigger loop. */
         bool same_pgrp;
 
+        uint32_t *syscall_filter;
+
         bool oom_score_adjust_set:1;
         bool nice_set:1;
         bool ioprio_set:1;
         bool cpu_sched_set:1;
-        bool timer_slack_nsec_set:1;
 };
 
 int exec_spawn(ExecCommand *command,
@@ -193,6 +196,7 @@ int exec_spawn(ExecCommand *command,
                struct CGroupBonding *cgroup_bondings,
                struct CGroupAttribute *cgroup_attributes,
                const char *cgroup_suffix,
+               const char *unit_id,
                int pipe_fd[2],
                pid_t *ret);