From ac45f971a12280de55b834a65237f72dcacfc099 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 19 Feb 2014 02:15:24 +0100
Subject: core: add Personality= option for units to set the personality for spawned processes
---
 src/core/execute.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'src/core/execute.c')
diff --git a/src/core/execute.c b/src/core/execute.c
index 4b1177a7e5..8bfe186c8a 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -39,6 +39,7 @@
 #include
 #include
 #include
+#include
 #include
 #undef basename
@@ -1372,6 +1373,13 @@ int exec_spawn(ExecCommand *command,
 goto fail_child;
 }
+ if (context->personality != 0xffffffffUL)
+ if (personality(context->personality) < 0) {
+ err = -errno;
+ r = EXIT_PERSONALITY;
+ goto fail_child;
+ }
+
 if (context->utmp_id)
 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
@@ -1683,6 +1691,7 @@ void exec_context_init(ExecContext *c) {
 c->syslog_level_prefix = true;
 c->ignore_sigpipe = true;
 c->timer_slack_nsec = (nsec_t) -1;
+ c->personality = 0xffffffffUL;
 }
 void exec_context_done(ExecContext *c) {
@@ -2130,6 +2139,11 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
 "%sSELinuxContext: %s%s\n",
 prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
+ if (c->personality != 0xffffffffUL)
+ fprintf(f,
+ "%sPersonality: %s\n",
+ prefix, strna(personality_to_string(c->personality)));
+
 if (c->syscall_filter) {
 #ifdef HAVE_SECCOMP
 Iterator j;
--
cgit v1.2.3-54-g00ecf
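Review bot: The literal `0xffffffffUL` serves as the "not set" marker in the added check in exec_spawn() and again in exec_context_init() and exec_context_dump() in the later hunks, with nothing recording why that value is safe to reserve. personality(2) treats 0xffffffff as a query that changes nothing, so it can never be a requested persona; a named constant such as `#define PERSONALITY_INVALID 0xffffffffUL` carrying that one-line explanation would keep the three sites in step. The outer `if` in exec_spawn() is unbraced around a braced inner `if`; folding them into `if (context->personality != 0xffffffffUL && personality(context->personality) < 0) {` removes the dangling-else hazard for later edits. The value reaches the syscall unfiltered, so whether mitigation-weakening flag bits such as ADDR_NO_RANDOMIZE can be requested depends on the Personality= parser, which this view (limited to src/core/execute.c) does not show; a short comment at the call stating what the parser guarantees would help. exec_spawn() begins and ends outside the hunk.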