diff options
| author | Topi Miettinen <topimiettinen@users.noreply.github.com> | 2016-06-03 15:58:18 +0000 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-06-03 17:58:18 +0200 |
| commit | f3e43635932c14f8f0aea078adf3bfe09a9ba683 (patch) | |
| tree | 33371a308779fe106a49449cab1841ea1b4ec407 /src/core/execute.h | |
| parent | de4503c8d9ea9799437695c988296cc532530a14 (diff) | |
core: Restrict mmap and mprotect with PAGE_WRITE|PAGE_EXEC (#3319) (#3379)
New exec boolean MemoryDenyWriteExecute, when set, installs
a seccomp filter to reject mmap(2) with PAGE_WRITE|PAGE_EXEC
and mprotect(2) with PAGE_EXEC.
Diffstat (limited to 'src/core/execute.h')
| -rw-r--r-- | src/core/execute.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/core/execute.h b/src/core/execute.h index 41148bcea2..464869d226 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -197,6 +197,7 @@ struct ExecContext { bool ioprio_set:1; bool cpu_sched_set:1; bool no_new_privileges_set:1; + bool memory_deny_write_execute; }; #include "cgroup-util.h" |