core: add two new service settings ProtectKernelTunables= and ProtectControlGroups=

If enabled, these will block write access to /sys, /proc/sys and /proc/sys/fs/cgroup.
author: Lennart Poettering <lennart@poettering.net> 2016-08-22 18:43:59 +0200
committer: Djalal Harouni <tixxdz@opendz.org> 2016-09-25 10:18:48 +0200
commit: 59eeb84ba65483c5543d1bc840c2ac75642ef638 (patch)
tree: 2195a40c7daf3575a8a7500bc8a82412056688ab /src/shared
parent: 72246c2a654ead7f7ee6e7799161e2e46dc0b84b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index feb4a06737..c6bd2f145c 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -204,7 +204,7 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen
                               "IgnoreSIGPIPE", "TTYVHangup", "TTYReset", "RemainAfterExit",
                               "PrivateTmp", "PrivateDevices", "PrivateNetwork", "PrivateUsers", "NoNewPrivileges",
                               "SyslogLevelPrefix", "Delegate", "RemainAfterElapse", "MemoryDenyWriteExecute",
-                              "RestrictRealtime", "DynamicUser", "RemoveIPC")) {
+                              "RestrictRealtime", "DynamicUser", "RemoveIPC", "ProtectKernelTunables", "ProtectControlGroups")) {
 
                 r = parse_boolean(eq);
                 if (r < 0)
author	Lennart Poettering <lennart@poettering.net>	2016-08-22 18:43:59 +0200
committer	Djalal Harouni <tixxdz@opendz.org>	2016-09-25 10:18:48 +0200
commit	59eeb84ba65483c5543d1bc840c2ac75642ef638 (patch)
tree	2195a40c7daf3575a8a7500bc8a82412056688ab /src/shared
parent	72246c2a654ead7f7ee6e7799161e2e46dc0b84b (diff)