author | Lennart Poettering <lennart@poettering.net> | 2014-06-03 23:41:44 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-06-03 23:57:51 +0200 |
commit | 417116f23432073162ebfcb286a7800846482eed (patch) | |
tree | 8e6076d15760c8079deb32eff461e0cc3168fa61 /src/core/load-fragment.c | |
parent | 85b5673b337048fa881a5afb1d00d1a7b95950fb (diff) |
core: add new ReadOnlySystem= and ProtectedHome= settings for service units
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for
a service.
ProtectedHome= uses fs namespaces to mount /home and /run/user
inaccessible or read-only for a service.
This patch also enables these settings for all our long-running services.
Together they should be a good building block for a minimal service
sandbox, removing the ability for services to modify the operating
system or access the user's private data.
Diffstat (limited to 'src/core/load-fragment.c')
-rw-r--r-- | src/core/load-fragment.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 6403e41113..9df78082ae 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -3044,6 +3044,49 @@ int config_parse_no_new_privileges(
 return 0;
 }
+int config_parse_protected_home(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ int k;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ /* Our enum shall be a superset of booleans, hence first try
+ * to parse as as boolean, and then as enum */
+
+ k = parse_boolean(rvalue);
+ if (k > 0)
+ c->protected_home = PROTECTED_HOME_YES;
+ else if (k == 0)
+ c->protected_home = PROTECTED_HOME_NO;
+ else {
+ ProtectedHome h;
+
+ h = protected_home_from_string(rvalue);
+ if (h < 0){
+ log_syntax(unit, LOG_ERR, filename, line, -h, "Failed to parse protected home value, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ c->protected_home = h;
+ }
+
+ return 0;
+}
+
 #define FOLLOW_MAX 8
 static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
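Review bot: The error path in the new `else` branch passes `-h` as the errno argument to log_syntax(), but `h` is a string-table lookup result rather than an errno; if `_PROTECTED_HOME_INVALID` is -1, as systemd's string-table enums conventionally are, the logged message will carry EPERM ("Operation not permitted"), which misdescribes a plain syntax error in the unit file. Unrecognized keywords are presumably reported with EINVAL by the neighbouring parsers in this file, so the call should read `log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse protected home value, ignoring: %s", rvalue);`. Two style nits in the same function: `if (h < 0){` lacks the space before the brace used everywhere else, and `const char* unit` binds the `*` to the type while the other parameters use `const char *filename`. The function is complete within the hunk, so the ignore-and-continue behaviour on a bad value (the unit still loads with `protected_home` untouched) is visible and consistent with the "ignoring" wording of the message.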