authorAlban Crequy <alban@endocode.com>2015-05-18 12:20:28 +0200
committerLennart Poettering <lennart@poettering.net>2015-05-18 18:47:45 +0200
commitee818b89f4890b3a00e93772249fce810f60811e (patch)
tree0bda24d838ca13d87f40eba0dc3f582731bf9396 /src/core/namespace.h
parenta363680faa063dbcb624a6dfc4798cff0a4ba9d5 (diff)
core: Private*/Protect* options with RootDirectory
When a service is chrooted with the option RootDirectory=/opt/..., then the options PrivateDevices, PrivateTmp, ProtectHome, ProtectSystem must mount the directories under $RootDirectory/{dev,tmp,home,usr,boot}. The test-ns tool can test setup_namespace() with and without chroot: $ sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns $ sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns
Diffstat (limited to 'src/core/namespace.h')
-rw-r--r--src/core/namespace.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/core/namespace.h b/src/core/namespace.h
index 42b92e7803..00ab22bf2e 100644
--- a/src/core/namespace.h
+++ b/src/core/namespace.h
@@ -41,7 +41,8 @@ typedef enum ProtectSystem {
_PROTECT_SYSTEM_INVALID = -1
} ProtectSystem;
-int setup_namespace(char **read_write_dirs,
+int setup_namespace(const char *chroot,
+ char **read_write_dirs,
char **read_only_dirs,
char **inaccessible_dirs,
const char *tmp_dir,
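Review bot: The new first parameter of `setup_namespace()` is named `chroot`, the same identifier as the libc function `chroot()`. If the definition uses the same name, the parameter hides that function inside the body and is likely to trigger `-Wshadow`. A name such as `const char *root_directory,` avoids this and matches the RootDirectory= option in the commit message. The header also leaves the contract undocumented: it does not say whether NULL means "no chroot", or whether `read_write_dirs`, `read_only_dirs`, `inaccessible_dirs` and `tmp_dir` are host paths or paths inside the new root. A caller that guesses wrong could apply the Private*/Protect* mounts to the host tree instead of the service's root, so a short comment above the prototype should state both points. The rest of the parameter list continues outside this hunk, so any further path arguments there were not reviewed.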