syscallfilter: port to libseccomp
diff --git
a/src/core/execute.h
b/src/core/execute.h
index 5143fcaa5899ea1de5b794387807ddf6de2f3e7a..b2d70d7d86bb9c0ab53e3e5de026f9bf2b8a70a3 100644
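--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -33,13 +33,16 @@ typedef struct ExecRuntime ExecRuntime;
 #include <stdbool.h>
 #include <stdio.h>
 #include <sched.h>
+#ifdef HAVE_SECCOMP
+#include <seccomp.h>
+
+#include "set.h"
+#endif
 #include "list.h"
 #include "util.h"
 #include "fdset.h"
-typedef struct Unit Unit;
-
 typedef enum ExecInput {
 EXEC_INPUT_NULL,
 EXEC_INPUT_TTY,
@@ -135,6 +138,8 @@ struct ExecContext {
 char *utmp_id;
+ char *selinux_context;
+
 char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
 unsigned long mount_flags;
@@ -151,6 +156,7 @@ struct ExecContext {
 bool non_blocking;
 bool private_tmp;
 bool private_network;
+ bool private_devices;
 bool no_new_privileges;
@@ -161,7 +167,12 @@ struct ExecContext {
 * don't enter a trigger loop. */
 bool same_pgrp;
- uint32_t *syscall_filter;
+#ifdef HAVE_SECCOMP
+ scmp_filter_ctx syscall_filter;
+ Set *filtered_syscalls;
+ uint32_t syscall_filter_default_action;
+#endif
+ char *syscall_filter_string;
 bool oom_score_adjust_set:1;
 bool nice_set:1;
@@ -183,6 +194,7 @@ int exec_spawn(ExecCommand *command,
 CGroupControllerMask cgroup_mask,
 const char *cgroup_path,
 const char *unit_id,
+ usec_t watchdog_usec,
 int pipe_fd[2],
 ExecRuntime *runtime,
 pid_t *ret);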
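Review bot: In the `-161,7 +167,12` hunk, `syscall_filter`, `filtered_syscalls` and `syscall_filter_default_action` exist only under `#ifdef HAVE_SECCOMP` while `syscall_filter_string` is unconditional, so a build without libseccomp can still hold a configured filter string with no member left in the struct to enforce it. Whether the configuration loader warns or refuses in that case is not visible from this header; if it does not, a unit that depends on the filter would presumably start unfiltered without notice, so the field deserves a comment along the lines of `/* textual form of the configured filter; in a build without HAVE_SECCOMP nothing is installed from it */` and the loader a logged warning. Because the conditional members sit in the middle of `struct ExecContext`, every translation unit that includes this header has to see the same `HAVE_SECCOMP` definition, otherwise the offsets of the fields after them disagree between objects. The new `scmp_filter_ctx` and `Set *` members also say nothing about who releases them (`seccomp_release()` for the context); the struct body starts and ends outside the hunk, so the matching cleanup cannot be checked here.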