chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
execute: support syscall filtering using seccomp filters
[elogind.git] / src / core / execute.h
diff --git a/src/core/execute.h b/src/core/execute.h
index 6c68169a8420cd4fc5e6806bf603ba531b18fb48..187165cdc26b1c113bdd679495de1f8e43aec528 100644 (file)
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -164,6 +164,8 @@ struct ExecContext {
         bool private_tmp;
         bool private_network;
 
         bool private_tmp;
         bool private_network;
 
+        bool no_new_privileges;
+
         bool control_group_modify;
         int control_group_persistent;
 
         bool control_group_modify;
         int control_group_persistent;
 
@@ -174,6 +176,8 @@ struct ExecContext {
          * don't enter a trigger loop. */
         bool same_pgrp;
 
          * don't enter a trigger loop. */
         bool same_pgrp;
 
+        uint32_t *syscall_filter;
+
         bool oom_score_adjust_set:1;
         bool nice_set:1;
         bool ioprio_set:1;
         bool oom_score_adjust_set:1;
         bool nice_set:1;
         bool ioprio_set:1;
@@ -192,6 +196,7 @@ int exec_spawn(ExecCommand *command,
                struct CGroupBonding *cgroup_bondings,
                struct CGroupAttribute *cgroup_attributes,
                const char *cgroup_suffix,
                struct CGroupBonding *cgroup_bondings,
                struct CGroupAttribute *cgroup_attributes,
                const char *cgroup_suffix,
+               const char *unit_id,
                int pipe_fd[2],
                pid_t *ret);
 
                int pipe_fd[2],
                pid_t *ret);
 
Unnamed repository; edit this file 'description' to name the repository.