Diffstat (limited to 'src/grp-system/libcore/execute.h')
-rw-r--r-- | src/grp-system/libcore/execute.h | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/grp-system/libcore/execute.h b/src/grp-system/libcore/execute.h
index 18d6f0e4a3..cf5e7e4617 100644
--- a/src/grp-system/libcore/execute.h
+++ b/src/grp-system/libcore/execute.h
@@ -24,9 +24,10 @@
 #include <stdio.h>
 #include <sys/capability.h>
-#include "basic/fdset.h"
+#include "basic/cgroup-util.h"
 #include "basic/list.h"
 #include "basic/missing.h"
+#include "shared/fdset.h"
 typedef struct ExecCommand ExecCommand;
 typedef struct ExecContext ExecContext;
@@ -82,7 +83,8 @@ struct ExecCommand {
 char **argv;
 ExecStatus exec_status;
 LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
- bool ignore;
+ bool ignore:1;
+ bool privileged:1;
 };
 struct ExecRuntime {
@@ -130,7 +132,7 @@ struct ExecContext {
 bool ignore_sigpipe;
- /* Since resolving these names might might involve socket
+ /* Since resolving these names might involve socket
 * connections and we don't want to deadlock ourselves these
 * names are resolved on execution only and in the child
 * process. */
@@ -152,7 +154,7 @@ struct ExecContext {
 bool smack_process_label_ignore;
 char *smack_process_label;
- char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
+ char **read_write_paths, **read_only_paths, **inaccessible_paths;
 unsigned long mount_flags;
 uint64_t capability_bounding_set;
@@ -193,6 +195,9 @@ struct ExecContext {
 char **runtime_directory;
 mode_t runtime_directory_mode;
+ bool memory_deny_write_execute;
+ bool restrict_realtime;
+
 bool oom_score_adjust_set:1;
 bool nice_set:1;
 bool ioprio_set:1;
@@ -200,10 +205,6 @@ struct ExecContext {
 bool no_new_privileges_set:1;
 };
-#include "basic/cgroup-util.h"
-
-#include "cgroup.h"
-
 struct ExecParameters {
 char **argv;
 char **environment;
@@ -234,6 +235,8 @@ struct ExecParameters {
 int stderr_fd;
 };
+#include "unit.h"
+
 int exec_spawn(Unit *unit,
 ExecCommand *command,
 const ExecContext *context, |
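Review bot: The new `privileged` bit in `struct ExecCommand` (hunk at -82,7) has no comment, and it is the field in this struct whose meaning matters most for security review. If it marks a command that is run without the credential and sandboxing settings of the `ExecContext` (this is inferred from the name and must be confirmed against the code that sets and reads it), that belongs next to the field, e.g. `bool privileged:1; /* skip the context's user/sandbox restrictions for this command; set only from trusted unit configuration */`. Turning `ignore` into a bit-field also means its address can no longer be taken, so any generic bool setter that previously stored through `&command->ignore` needs an explicit assignment.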
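Review bot: `memory_deny_write_execute` and `restrict_realtime` (hunk at -193,6) are declared as full-width `bool` members directly above the `:1` flag group, and neither carries a comment. If they stay full-width because a configuration parser stores through their address, say so, e.g. `/* plain bools: written through a pointer by the config parser */`; otherwise declare them as bit-fields like their neighbours. Both read as hardening switches that are off in a zero-initialised context, so a one-line comment naming where they are enforced (presumably in the child before the exec, to be confirmed) would let a reviewer check that no spawn path skips them.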
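Review bot: `#include "unit.h"` is placed between `struct ExecParameters` and the `exec_spawn()` prototype (hunk at -234,6), so the header now depends on include position to resolve what looks like a cycle between the two headers, and nothing at that line explains it. Add a comment such as `/* included here, not at the top: unit.h needs the Exec* structs above to be complete */` after confirming the actual reason. If only the `Unit *` parameter needs the name, a forward declaration next to the other typedefs at the top of the file would avoid the mid-file include. The prototype continues outside the hunk.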