diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-12-22 23:34:35 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2017-02-07 11:22:05 +0100 |
| commit | 5d997827e2ebe5d4f438748d1ac87c10c29045c6 (patch) | |
| tree | 28f9edefba7c8065ed0395d97820a47471457fcc /src/core/dbus-execute.c | |
| parent | 1eb7e08e20a329b1f074968c88fee5d8adf3bbaf (diff) | |
core: add a per-unit setting MountAPIVFS= for mounting /dev, /proc, /sys in conjunction with RootDirectory=
This adds a boolean unit file setting MountAPIVFS=. If set, the three
main API VFS mounts will be mounted for the service. This only has an
effect on RootDirectory=, which it makes a ton times more useful.
(This is basically the /dev + /proc + /sys mounting code posted in the
original #4727, but rebased on current git, and with the automatic logic
replaced by explicit logic controlled by a unit file setting)
Diffstat (limited to 'src/core/dbus-execute.c')
| -rw-r--r-- | src/core/dbus-execute.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index cc10e2d8e7..60b0288bb0 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -828,6 +828,7 @@ const sd_bus_vtable bus_exec_vtable[] = { SD_BUS_PROPERTY("RestrictNamespaces", "t", bus_property_get_ulong, offsetof(ExecContext, restrict_namespaces), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("BindPaths", "a(ssbt)", property_get_bind_paths, 0, SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("BindReadOnlyPaths", "a(ssbt)", property_get_bind_paths, 0, SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("MountAPIVFS", "b", bus_property_get_bool, offsetof(ExecContext, mount_apivfs), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_VTABLE_END }; @@ -1207,7 +1208,7 @@ int bus_exec_context_set_transient_property( "PrivateTmp", "PrivateDevices", "PrivateNetwork", "PrivateUsers", "NoNewPrivileges", "SyslogLevelPrefix", "MemoryDenyWriteExecute", "RestrictRealtime", "DynamicUser", "RemoveIPC", "ProtectKernelTunables", - "ProtectKernelModules", "ProtectControlGroups")) { + "ProtectKernelModules", "ProtectControlGroups", "MountAPIVFS")) { int b; r = sd_bus_message_read(message, "b", &b); @@ -1247,6 +1248,8 @@ int bus_exec_context_set_transient_property( c->protect_kernel_modules = b; else if (streq(name, "ProtectControlGroups")) c->protect_control_groups = b; + else if (streq(name, "MountAPIVFS")) + c->mount_apivfs = b; unit_write_drop_in_private_format(u, mode, name, "%s=%s", name, yes_no(b)); } |