core: add two new service settings ProtectKernelTunables= and ProtectControlGroups=

If enabled, these will block write access to /sys, /proc/sys and /proc/sys/fs/cgroup.
author: Lennart Poettering <lennart@poettering.net> 2016-08-22 18:43:59 +0200
committer: Djalal Harouni <tixxdz@opendz.org> 2016-09-25 10:18:48 +0200
commit: 59eeb84ba65483c5543d1bc840c2ac75642ef638 (patch)
tree: 2195a40c7daf3575a8a7500bc8a82412056688ab /src/core/namespace.h
parent: 72246c2a654ead7f7ee6e7799161e2e46dc0b84b (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/core/namespace.h b/src/core/namespace.h
index 1aedf5f208..3845336287 100644
--- a/src/core/namespace.h
+++ b/src/core/namespace.h
@@ -46,6 +46,8 @@ int setup_namespace(const char *chroot,
                     const char *tmp_dir,
                     const char *var_tmp_dir,
                     bool private_dev,
+                    bool protect_sysctl,
+                    bool protect_cgroups,
                     ProtectHome protect_home,
                     ProtectSystem protect_system,
                     unsigned long mount_flags);
author	Lennart Poettering <lennart@poettering.net>	2016-08-22 18:43:59 +0200
committer	Djalal Harouni <tixxdz@opendz.org>	2016-09-25 10:18:48 +0200
commit	59eeb84ba65483c5543d1bc840c2ac75642ef638 (patch)
tree	2195a40c7daf3575a8a7500bc8a82412056688ab /src/core/namespace.h
parent	72246c2a654ead7f7ee6e7799161e2e46dc0b84b (diff)