From f4170c671b863a211056972a469abd416086f22c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 23 Jun 2016 01:45:45 +0200
Subject: execute: add a new easy-to-use RestrictRealtime= option to units

It takes a boolean value. If true, access to SCHED_RR, SCHED_FIFO and
SCHED_DEADLINE is blocked, which my be used to lock up the system.
---
 src/core/execute.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/core/execute.h')

diff --git a/src/core/execute.h b/src/core/execute.h
index cd1f7b36f6..210eea0e82 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -193,12 +193,14 @@ struct ExecContext {
         char **runtime_directory;
         mode_t runtime_directory_mode;
 
+        bool memory_deny_write_execute;
+        bool restrict_realtime;
+
         bool oom_score_adjust_set:1;
         bool nice_set:1;
         bool ioprio_set:1;
         bool cpu_sched_set:1;
         bool no_new_privileges_set:1;
-        bool memory_deny_write_execute;
 };
 
 #include "cgroup-util.h"
-- 
cgit v1.2.3-54-g00ecf