diff options
| author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-12-17 02:37:55 -0500 |
|---|---|---|
| committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-12-17 02:37:55 -0500 |
| commit | 3f0ba0278cd61b2d3bb01abc744d98a6ba3d7730 (patch) | |
| tree | dc70188bf68d634496a429225130f777c155b990 /src/core/execute.h | |
| parent | 54ebaa42b40d22bd0288507420b7a7241896c357 (diff) | |
| parent | 58a6dd15582c038a25bd7059435833943e2e4617 (diff) | |
Merge commit '58a6dd15582c038a25bd7059435833943e2e4617' into notsystemd/premove
# Conflicts:
# Makefile.am
# src/boot/bootctl.c
# system-preset/90-systemd.preset
Diffstat (limited to 'src/core/execute.h')
| -rw-r--r-- | src/core/execute.h | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/src/core/execute.h b/src/core/execute.h index 189c4d0999..106154f81a 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -92,6 +92,8 @@ struct ExecRuntime { char *tmp_dir; char *var_tmp_dir; + /* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network + * namespace. */ int netns_storage_socket[2]; }; @@ -169,11 +171,14 @@ struct ExecContext { bool private_tmp; bool private_network; bool private_devices; + bool private_users; ProtectSystem protect_system; ProtectHome protect_home; bool no_new_privileges; + bool dynamic_user; + /* This is not exposed to the user but available * internally. We need it to make sure that whenever we spawn * /usr/bin/mount it is run in the same process group as us so @@ -204,6 +209,19 @@ struct ExecContext { bool no_new_privileges_set:1; }; +typedef enum ExecFlags { + EXEC_CONFIRM_SPAWN = 1U << 0, + EXEC_APPLY_PERMISSIONS = 1U << 1, + EXEC_APPLY_CHROOT = 1U << 2, + EXEC_APPLY_TTY_STDIN = 1U << 3, + + /* The following are not used by execute.c, but by consumers internally */ + EXEC_PASS_FDS = 1U << 4, + EXEC_IS_CONTROL = 1U << 5, + EXEC_SETENV_RESULT = 1U << 6, + EXEC_SET_WATCHDOG = 1U << 7, +} ExecFlags; + struct ExecParameters { char **argv; char **environment; @@ -212,11 +230,7 @@ struct ExecParameters { char **fd_names; unsigned n_fds; - bool apply_permissions:1; - bool apply_chroot:1; - bool apply_tty_stdin:1; - - bool confirm_spawn:1; + ExecFlags flags; bool selinux_context_net:1; bool cgroup_delegate:1; @@ -235,12 +249,14 @@ struct ExecParameters { }; #include "unit.h" +#include "dynamic-user.h" int exec_spawn(Unit *unit, ExecCommand *command, const ExecContext *context, const ExecParameters *exec_params, ExecRuntime *runtime, + DynamicCreds *dynamic_creds, pid_t *ret); void exec_command_done(ExecCommand *c); |