author | Lennart Poettering <lennart@poettering.net> | 2014-06-04 18:07:55 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-06-04 18:12:55 +0200 |
commit | 1b8689f94983b47bf190e77ddb03a8fc6af15fb3 (patch) | |
tree | 7bb1324b3b882adaa0b8bf786f8848ccec156a94 /src/core/namespace.h | |
parent | 4c02dd7153f970244950b5e00f7bdfea8d2ff0be (diff) |
core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.
With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data.
Diffstat (limited to 'src/core/namespace.h')
-rw-r--r-- | src/core/namespace.h | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/src/core/namespace.h b/src/core/namespace.h
index b985bdf512..9343fe3264 100644
--- a/src/core/namespace.h
+++ b/src/core/namespace.h
@@ -25,13 +25,21 @@
 #include "macro.h"
-typedef enum ProtectedHome {
- PROTECTED_HOME_NO,
- PROTECTED_HOME_YES,
- PROTECTED_HOME_READ_ONLY,
- _PROTECTED_HOME_MAX,
- _PROTECTED_HOME_INVALID = -1
-} ProtectedHome;
+typedef enum ProtectHome {
+ PROTECT_HOME_NO,
+ PROTECT_HOME_YES,
+ PROTECT_HOME_READ_ONLY,
+ _PROTECT_HOME_MAX,
+ _PROTECT_HOME_INVALID = -1
+} ProtectHome;
+
+typedef enum ProtectSystem {
+ PROTECT_SYSTEM_NO,
+ PROTECT_SYSTEM_YES,
+ PROTECT_SYSTEM_FULL,
+ _PROTECT_SYSTEM_MAX,
+ _PROTECT_SYSTEM_INVALID = -1
+} ProtectSystem;
 int setup_namespace(char **read_write_dirs,
 char **read_only_dirs,
@@ -39,8 +47,8 @@ int setup_namespace(char **read_write_dirs,
 char *tmp_dir,
 char *var_tmp_dir,
 bool private_dev,
- ProtectedHome protected_home,
- bool read_only_system,
+ ProtectHome protect_home,
+ ProtectSystem protect_system,
 unsigned mount_flags);
 int setup_tmp_dirs(const char *id,
@@ -49,5 +57,8 @@ int setup_tmp_dirs(const char *id,
 int setup_netns(int netns_storage_socket[2]);
-const char* protected_home_to_string(ProtectedHome p) _const_;
-ProtectedHome protected_home_from_string(const char *s) _pure_;
+const char* protect_home_to_string(ProtectHome p) _const_;
+ProtectHome protect_home_from_string(const char *s) _pure_;
+
+const char* protect_system_to_string(ProtectSystem p) _const_;
+ProtectSystem protect_system_from_string(const char *s) _pure_; |
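Review bot: The new `ProtectSystem` enum in the first hunk does not say what each level covers, and the difference between `PROTECT_SYSTEM_YES` and `PROTECT_SYSTEM_FULL` is a security-relevant one. Going by the commit message, `FULL` is the value that also mounts /etc read-only, so a one-line comment above the typedef would help, for example `/* YES: mount the OS itself read-only; FULL: additionally mount /etc read-only */`. A matching comment on `ProtectHome` explaining how `PROTECT_HOME_YES` differs from `PROTECT_HOME_READ_ONLY` would be worth adding too, since the header gives no hint of it.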
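Review bot: Replacing `bool read_only_system` with `ProtectSystem protect_system` in the same argument position of `setup_namespace()` (second hunk) means a caller that still passes `true` or `false` compiles without a diagnostic in C and silently gets `PROTECT_SYSTEM_YES` or `PROTECT_SYSTEM_NO`. The callers are outside this diff (the diffstat is limited to namespace.h), so they should be checked by hand. The enum also defines `_PROTECT_SYSTEM_INVALID = -1`, which `protect_system_from_string()` in the third hunk presumably returns for an unrecognised string. I would state on the prototype that only validated values may be passed and have the implementation fail closed, e.g. `assert(protect_system >= 0 && protect_system < _PROTECT_SYSTEM_MAX);`, with the same check for `protect_home`. The prototype starts before this hunk.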