summaryrefslogtreecommitdiff
path: root/src/basic/mount-util.h
diff options
context:
space:
mode:
authorAlessandro Puccetti <alessandro@kinvolk.io>2016-07-06 09:48:58 +0200
committerAlessandro Puccetti <alessandro@kinvolk.io>2016-07-19 17:22:02 +0200
commitc4b41707462a74eb7008e8d12a0b4d0a0c09bff4 (patch)
treeff6991bfe6b79f53d501c061792cc428a8a38910 /src/basic/mount-util.h
parent14eb41b2a45f0ab56b06054c7bc40c3613b23e82 (diff)
namespace: unify limit behavior on non-directory paths
Despite the name, `Read{Write,Only}Directories=` already allows for regular file paths to be masked. This commit adds the same behavior to `InaccessibleDirectories=` and makes it explicit in the doc. This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}` {dile,device}nodes and mounts on the appropriate one the paths specified in `InacessibleDirectories=`. Based on Luca's patch from https://github.com/systemd/systemd/pull/3327
Diffstat (limited to 'src/basic/mount-util.h')
-rw-r--r--src/basic/mount-util.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/basic/mount-util.h b/src/basic/mount-util.h
index bdb525d6b0..f46989ebb3 100644
--- a/src/basic/mount-util.h
+++ b/src/basic/mount-util.h
@@ -49,4 +49,6 @@ union file_handle_union {
char padding[sizeof(struct file_handle) + MAX_HANDLE_SZ];
};
+const char* mode_to_inaccessible_node(mode_t mode);
+
#define FILE_HANDLE_INIT { .handle.handle_bytes = MAX_HANDLE_SZ }