Merge pull request #4243 from endocode/djalal/sandbox-first-protection-kernelmodules-v1

core:sandbox: Add ProtectKernelModules= and some fixes
author: Lennart Poettering <lennart@poettering.net> 2016-10-13 18:36:29 +0200
committer: GitHub <noreply@github.com> 2016-10-13 18:36:29 +0200
commit: 8bfdf29b2492f7df721d20455ee10b2fd158395b (patch)
tree: cf83f461afa4925386f5d7467d3480d01c79e5c6 /src/core/dbus-execute.c
parent: f5df066d1d28920e49cf03d5950330138ea4f236 (diff)
parent: 4982dbcc300d4599aa6ac143e922d6fbee31a860 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index eec4500c8c..b8720d7d3d 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -708,6 +708,7 @@ const sd_bus_vtable bus_exec_vtable[] = {
         SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool, offsetof(ExecContext, private_tmp), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool, offsetof(ExecContext, private_devices), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("ProtectKernelTunables", "b", bus_property_get_bool, offsetof(ExecContext, protect_kernel_tunables), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("ProtectKernelModules", "b", bus_property_get_bool, offsetof(ExecContext, protect_kernel_modules), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("ProtectControlGroups", "b", bus_property_get_bool, offsetof(ExecContext, protect_control_groups), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool, offsetof(ExecContext, private_network), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("PrivateUsers", "b", bus_property_get_bool, offsetof(ExecContext, private_users), SD_BUS_VTABLE_PROPERTY_CONST),
@@ -1075,7 +1076,7 @@ int bus_exec_context_set_transient_property(
                               "PrivateTmp", "PrivateDevices", "PrivateNetwork", "PrivateUsers",
                               "NoNewPrivileges", "SyslogLevelPrefix", "MemoryDenyWriteExecute",
                               "RestrictRealtime", "DynamicUser", "RemoveIPC", "ProtectKernelTunables",
-                              "ProtectControlGroups")) {
+                              "ProtectKernelModules", "ProtectControlGroups")) {
                 int b;
 
                 r = sd_bus_message_read(message, "b", &b);
@@ -1111,6 +1112,8 @@ int bus_exec_context_set_transient_property(
                                 c->remove_ipc = b;
                         else if (streq(name, "ProtectKernelTunables"))
                                 c->protect_kernel_tunables = b;
+                        else if (streq(name, "ProtectKernelModules"))
+                                c->protect_kernel_modules = b;
                         else if (streq(name, "ProtectControlGroups"))
                                 c->protect_control_groups = b;
author	Lennart Poettering <lennart@poettering.net>	2016-10-13 18:36:29 +0200
committer	GitHub <noreply@github.com>	2016-10-13 18:36:29 +0200
commit	8bfdf29b2492f7df721d20455ee10b2fd158395b (patch)
tree	cf83f461afa4925386f5d7467d3480d01c79e5c6 /src/core/dbus-execute.c
parent	f5df066d1d28920e49cf03d5950330138ea4f236 (diff)
parent	4982dbcc300d4599aa6ac143e922d6fbee31a860 (diff)