diff options
Diffstat (limited to 'src/core/execute.h')
| -rw-r--r-- | src/core/execute.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/core/execute.h b/src/core/execute.h index c7d0f7761e..56f880cffe 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -35,6 +35,7 @@ typedef struct ExecParameters ExecParameters; #include "list.h" #include "missing.h" #include "namespace.h" +#include "nsflags.h" typedef enum ExecUtmpMode { EXEC_UTMP_INIT, @@ -195,6 +196,8 @@ struct ExecContext { unsigned long personality; + unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */ + Set *syscall_filter; Set *syscall_archs; int syscall_errno; @@ -216,6 +219,12 @@ struct ExecContext { bool no_new_privileges_set:1; }; +static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) { + assert(c); + + return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL; +} + typedef enum ExecFlags { EXEC_CONFIRM_SPAWN = 1U << 0, EXEC_APPLY_PERMISSIONS = 1U << 1, |