diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-08-22 18:43:59 +0200 |
|---|---|---|
| committer | Djalal Harouni <tixxdz@opendz.org> | 2016-09-25 10:18:48 +0200 |
| commit | 59eeb84ba65483c5543d1bc840c2ac75642ef638 (patch) | |
| tree | 2195a40c7daf3575a8a7500bc8a82412056688ab /src/core/load-fragment-gperf.gperf.m4 | |
| parent | 72246c2a654ead7f7ee6e7799161e2e46dc0b84b (diff) | |
core: add two new service settings ProtectKernelTunables= and ProtectControlGroups=
If enabled, these will block write access to /sys, /proc/sys and
/proc/sys/fs/cgroup.
Diffstat (limited to 'src/core/load-fragment-gperf.gperf.m4')
| -rw-r--r-- | src/core/load-fragment-gperf.gperf.m4 | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4 index 2e6c965aec..c49c1d6732 100644 --- a/src/core/load-fragment-gperf.gperf.m4 +++ b/src/core/load-fragment-gperf.gperf.m4 @@ -89,6 +89,8 @@ $1.ReadOnlyPaths, config_parse_namespace_path_strv, 0, $1.InaccessiblePaths, config_parse_namespace_path_strv, 0, offsetof($1, exec_context.inaccessible_paths) $1.PrivateTmp, config_parse_bool, 0, offsetof($1, exec_context.private_tmp) $1.PrivateDevices, config_parse_bool, 0, offsetof($1, exec_context.private_devices) +$1.ProtectKernelTunables, config_parse_bool, 0, offsetof($1, exec_context.protect_kernel_tunables) +$1.ProtectControlGroups, config_parse_bool, 0, offsetof($1, exec_context.protect_control_groups) $1.PrivateNetwork, config_parse_bool, 0, offsetof($1, exec_context.private_network) $1.PrivateUsers, config_parse_bool, 0, offsetof($1, exec_context.private_users) $1.ProtectSystem, config_parse_protect_system, 0, offsetof($1, exec_context) |