author | Lennart Poettering <lennart@poettering.net> | 2010-04-21 22:15:06 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2010-04-21 22:15:06 +0200 |
commit | 15ae422b7471cf6f41ccf450243d8afd8ea0a054 (patch) | |
tree | 4d44b599571defe496890db757dfe987942594bd /load-fragment.c | |
parent | 020379a7f7d2cca3ab37942db3d67d06c45083fe (diff) |
execute: support basic filesystem namespacing
Diffstat (limited to 'load-fragment.c')
-rw-r--r-- | load-fragment.c | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/load-fragment.c b/load-fragment.c
index 03205f14b4..680f04171f 100644
--- a/load-fragment.c
+++ b/load-fragment.c
@@ -27,6 +27,7 @@
 #include <fcntl.h>
 #include <sched.h>
 #include <sys/prctl.h>
+#include <sys/mount.h>
 #include "unit.h"
 #include "strv.h"
@@ -909,6 +910,43 @@ static int config_parse_sysv_priority(
 DEFINE_CONFIG_PARSE_ENUM(config_parse_kill_mode, kill_mode, KillMode, "Failed to parse kill mode");
+static int config_parse_mount_flags(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ char *w;
+ size_t l;
+ char *state;
+ unsigned long flags = 0;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ FOREACH_WORD(w, l, rvalue, state) {
+ if (strncmp(w, "shared", l) == 0)
+ flags |= MS_SHARED;
+ else if (strncmp(w, "slave", l) == 0)
+ flags |= MS_SLAVE;
+ else if (strncmp(w, "private", l) == 0)
+ flags |= MS_PRIVATE;
+ else {
+ log_error("[%s:%u] Failed to parse mount flags: %s", filename, line, rvalue);
+ return -EINVAL;
+ }
+ }
+
+ c->mount_flags = flags;
+ return 0;
+}
+
 #define FOLLOW_MAX 8
 static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
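Review bot: The keyword comparisons in config_parse_mount_flags match on prefix only: `strncmp(w, "shared", l) == 0` is true for any word that is a leading part of "shared", so `MountFlags=s` or `MountFlags=sh` is accepted as MS_SHARED, and a lone `s` never reaches the "slave" branch. Comparing the length as well closes this, e.g. `if (l == strlen("shared") && strncmp(w, "shared", l) == 0)`, and likewise for "slave" and "private". The loop also ORs every recognised word together, so `shared private` is stored as two propagation types. mount(2) rejects more than one propagation flag in a single call, so, depending on how mount_flags is consumed (not shown on this page), it would be safer to reject a second keyword through the same -EINVAL path.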
@@ -1149,7 +1187,12 @@ static int load_from_path(Unit *u, const char *path) {
 { "LimitNICE", config_parse_limit, &(context).rlimit[RLIMIT_NICE], section }, \
 { "LimitRTPRIO", config_parse_limit, &(context).rlimit[RLIMIT_RTPRIO], section }, \
 { "LimitRTTIME", config_parse_limit, &(context).rlimit[RLIMIT_RTTIME], section }, \
- { "ControlGroup", config_parse_cgroup, u, section }
+ { "ControlGroup", config_parse_cgroup, u, section }, \
+ { "ReadWriteDirectories", config_parse_path_strv, &(context).read_write_dirs, section }, \
+ { "ReadOnlyDirectories", config_parse_path_strv, &(context).read_only_dirs, section }, \
+ { "InaccessibleDirectories",config_parse_path_strv, &(context).inaccessible_dirs, section }, \
+ { "PrivateTmp", config_parse_bool, &(context).private_tmp, section }, \
+ { "MountFlags", config_parse_mount_flags, &(context), section }
 const ConfigItem items[] = {
 { "Names", config_parse_names, u, "Unit" }, |
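Review bot: The `MountFlags` entry hands its parser the whole ExecContext (`&(context)`), while most neighbouring entries pass the address of the single field they set. config_parse_mount_flags only writes `c->mount_flags`, so passing `&(context).mount_flags` and starting the parser with `unsigned long *flags = data;` would keep the table consistent and narrow what the callback can modify. The enclosing macro and load_from_path begin outside the hunk.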