core: Restrict mmap and mprotect with PAGE_WRITE|PAGE_EXEC (#3319) (#3379)
index be5be9f531769a8b86b5d7768e829309e510cf0e..464869d22670d7558310d0e0794a1aaf3ffab150 100644 (file)
@@ -1,5 +1,3 @@
-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-
 #pragma once
 
 /***
@@ -32,7 +30,6 @@ typedef struct ExecParameters ExecParameters;
 #include <stdio.h>
 #include <sys/capability.h>
 
-#include "bus-endpoint.h"
 #include "fdset.h"
 #include "list.h"
 #include "missing.h"
@@ -122,6 +119,8 @@ struct ExecContext {
 
         nsec_t timer_slack_nsec;
 
+        bool stdio_as_fds;
+
         char *tty_path;
 
         bool tty_reset;
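Review bot: `stdio_as_fds` is added without a comment, and the name does not say which descriptors are meant or who supplies them. ExecParameters further down in this header carries `stdin_fd`, `stdout_fd` and `stderr_fd`, so presumably the flag tells the executor to use those as the child's standard streams; if that is right, say so at the declaration, e.g. `/* use the stdin_fd/stdout_fd/stderr_fd from ExecParameters as the child's stdio */`. Descriptors handed to an executed process cross a privilege boundary, so who owns and closes them is worth a line as well. The struct body starts and ends outside the hunk.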
@@ -155,9 +154,8 @@ struct ExecContext {
         char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
         unsigned long mount_flags;
 
-        uint64_t capability_bounding_set_drop;
-
-        cap_t capabilities;
+        uint64_t capability_bounding_set;
+        uint64_t capability_ambient_set;
         int secure_bits;
 
         int syslog_priority;
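Review bot: The rename from `capability_bounding_set_drop` to `capability_bounding_set` appears to invert the meaning of the mask, and nothing at the declaration records that. With a drop mask, a zero-filled ExecContext dropped nothing; if the new field holds the capabilities to keep, as the name suggests, a zero-filled context describes an empty bounding set, so every place that initialises or copies the struct has to set it explicitly. Those sites are outside this hunk and should be checked against the new meaning. I would add `/* capabilities kept in the bounding set; 0 means none, so initialise to the full set */` above the field and `/* capabilities raised into the ambient set; 0 means none */` above `capability_ambient_set`.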
@@ -199,9 +197,7 @@ struct ExecContext {
         bool ioprio_set:1;
         bool cpu_sched_set:1;
         bool no_new_privileges_set:1;
-
-        /* custom dbus enpoint */
-        BusEndpoint *bus_endpoint;
+        bool memory_deny_write_execute;
 };
 
 #include "cgroup-util.h"
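Review bot: `memory_deny_write_execute` is declared as a plain `bool` directly after a run of `:1` bit-fields and has no comment stating what it guarantees. The commit title names only mmap and mprotect, so the declaration should state that scope, for example `/* refuse mmap()/mprotect() requests for memory that is both writable and executable */`, so that readers do not take the flag as a complete W^X guarantee for the unit. If nothing takes the field's address it could be `bool memory_deny_write_execute:1;` like its neighbours; otherwise keep it plain and set it apart with a blank line. The enforcement code is not in this file's diff and cannot be checked here.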
@@ -232,9 +228,6 @@ struct ExecParameters {
 
         int *idle_pipe;
 
-        char *bus_endpoint_path;
-        int bus_endpoint_fd;
-
         int stdin_fd;
         int stdout_fd;
         int stderr_fd;