core: store and expose SELinuxContext field normalized as bool + string
[elogind.git] / src / core / execute.h
index 5143fcaa5899ea1de5b794387807ddf6de2f3e7a..b98ef952e157fcefc5e9db07ca234fadd961a2b9 100644 (file)
@@ -33,13 +33,16 @@ typedef struct ExecRuntime ExecRuntime;
 #include <stdbool.h>
 #include <stdio.h>
 #include <sched.h>
+#ifdef HAVE_SECCOMP
+#include <seccomp.h>
+
+#include "set.h"
+#endif
 
 #include "list.h"
 #include "util.h"
 #include "fdset.h"
 
-typedef struct Unit Unit;
-
 typedef enum ExecInput {
         EXEC_INPUT_NULL,
         EXEC_INPUT_TTY,
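Review bot: `#include "set.h"` is added only inside `#ifdef HAVE_SECCOMP`, but the later hunk in `struct ExecContext` declares `Set *syscall_filter;` and `Set *syscall_archs;` with no guard visible around them. A build without seccomp would then see an undeclared `Set`, unless one of the other headers included here already provides it. Either move `#include "set.h"` below the `#endif`, or wrap the syscall fields in the same `#ifdef HAVE_SECCOMP`. This hunk also drops `typedef struct Unit Unit;`, so any use of `Unit` in the parts of this header outside the visible hunks now depends on a declaration from somewhere else.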
@@ -135,6 +138,9 @@ struct ExecContext {
 
         char *utmp_id;
 
+        bool selinux_context_ignore;
+        char *selinux_context;
+
         char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
         unsigned long mount_flags;
 
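Review bot: `selinux_context_ignore` is a security-relevant switch added without a comment; judging by its name, it makes a failure to apply the label non-fatal, which would let the process run under whatever context it inherited. If that is the intent, say so at the declaration, for example `bool selinux_context_ignore; /* tolerate failure to apply selinux_context */`. `char *selinux_context` looks like an owned heap string, so the context teardown (outside this header) presumably needs to free it; a note such as `/* owned, NULL if unset */` would record that. `struct ExecContext` begins and ends outside this hunk.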
@@ -151,6 +157,7 @@ struct ExecContext {
         bool non_blocking;
         bool private_tmp;
         bool private_network;
+        bool private_devices;
 
         bool no_new_privileges;
 
@@ -161,7 +168,10 @@ struct ExecContext {
          * don't enter a trigger loop. */
         bool same_pgrp;
 
-        uint32_t *syscall_filter;
+        Set *syscall_filter;
+        Set *syscall_archs;
+        int syscall_errno;
+        bool syscall_whitelist:1;
 
         bool oom_score_adjust_set:1;
         bool nice_set:1;
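Review bot: `syscall_whitelist` reverses the meaning of `syscall_filter`, but nothing at the declaration says which sense a zero-initialised context gets or what a `syscall_errno` of 0 means for a filtered call. A filter built with the wrong polarity fails open, so I would add a comment such as `/* syscall_filter lists permitted calls if syscall_whitelist is set, forbidden calls otherwise */` and document the zero case of `syscall_errno` next to it. The type change from `uint32_t *` to `Set *` also changes how the field must be released: any teardown that still calls plain `free()` on it would need to use the set destructor instead, though that code is outside this header. The struct itself begins and ends outside the hunk.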
@@ -183,6 +193,7 @@ int exec_spawn(ExecCommand *command,
                CGroupControllerMask cgroup_mask,
                const char *cgroup_path,
                const char *unit_id,
+               usec_t watchdog_usec,
                int pipe_fd[2],
                ExecRuntime *runtime,
                pid_t *ret);