diff options
Diffstat (limited to 'src/core/execute.c')
| -rw-r--r-- | src/core/execute.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index 4b1177a7e5..8bfe186c8a 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -39,6 +39,7 @@ #include <linux/oom.h> #include <sys/poll.h> #include <glob.h> +#include <sys/personality.h> #include <libgen.h> #undef basename @@ -1372,6 +1373,13 @@ int exec_spawn(ExecCommand *command, goto fail_child; } + if (context->personality != 0xffffffffUL) + if (personality(context->personality) < 0) { + err = -errno; + r = EXIT_PERSONALITY; + goto fail_child; + } + if (context->utmp_id) utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path); @@ -1683,6 +1691,7 @@ void exec_context_init(ExecContext *c) { c->syslog_level_prefix = true; c->ignore_sigpipe = true; c->timer_slack_nsec = (nsec_t) -1; + c->personality = 0xffffffffUL; } void exec_context_done(ExecContext *c) { @@ -2130,6 +2139,11 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { "%sSELinuxContext: %s%s\n", prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context); + if (c->personality != 0xffffffffUL) + fprintf(f, + "%sPersonality: %s\n", + prefix, strna(personality_to_string(c->personality))); + if (c->syscall_filter) { #ifdef HAVE_SECCOMP Iterator j; |