git.ipfire.org Git - thirdparty/systemd.git/commit

]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/test/test-ns.c

projects / thirdparty / systemd.git / commit

author	Lennart Poettering <lennart@poettering.net>
	Thu, 6 Aug 2020 10:51:50 +0000 (12:51 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Mon, 24 Aug 2020 18:11:02 +0000 (20:11 +0200)
commit	4e39995371738b04d98d27b0d34ea8fe09ec9fab
tree	5f2a9679dccb2ecc78af8ae5d2c1c8ab0d3817eb	tree \| snapshot
parent	df6b900a1bc52fa4bdc5e26eb00a953c576fbbc0	commit \| diff

core: introduce ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs mount options

Kernel 5.8 gained a hidepid= implementation that is truly per procfs,
which allows us to mount a distinct once into every unit, with
individual hidepid= settings. Let's expose this via two new settings:
ProtectProc= (wrapping hidpid=) and ProcSubset= (wrapping subset=).

Replaces: #11670

12 files changed:

docs/TRANSIENT-SETTINGS.md		diff \| blob \| blame \| history
src/core/dbus-execute.c		diff \| blob \| blame \| history
src/core/execute.c		diff \| blob \| blame \| history
src/core/execute.h		diff \| blob \| blame \| history
src/core/load-fragment-gperf.gperf.m4		diff \| blob \| blame \| history
src/core/load-fragment.c		diff \| blob \| blame \| history
src/core/load-fragment.h		diff \| blob \| blame \| history
src/core/namespace.c		diff \| blob \| blame \| history
src/core/namespace.h		diff \| blob \| blame \| history
src/shared/bus-unit-util.c		diff \| blob \| blame \| history
src/test/test-ns.c		diff \| blob \| blame \| history
test/fuzz/fuzz-unit-file/directives.service		diff \| blob \| blame \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom