doc,core: Read{Write,Only}Paths= and InaccessiblePaths=

[thirdparty/systemd.git] / src / core / execute.h

diff --git a/src/core/execute.h b/src/core/execute.h
index f7205701f48d8812c50547c70c5fabb0943f6847..73b8a119b064651f31a3bddaad7f0cc3231eb49c 100644 (file)
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -81,7 +81,8 @@ struct ExecCommand {
         char **argv;
         ExecStatus exec_status;
         LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
-        bool ignore;
+        bool ignore:1;
+        bool privileged:1;
 };
 
 struct ExecRuntime {
@@ -129,7 +130,7 @@ struct ExecContext {
 
         bool ignore_sigpipe;
 
-        /* Since resolving these names might might involve socket
+        /* Since resolving these names might involve socket
          * connections and we don't want to deadlock ourselves these
          * names are resolved on execution only and in the child
          * process. */
@@ -151,14 +152,11 @@ struct ExecContext {
         bool smack_process_label_ignore;
         char *smack_process_label;
 
-        char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
+        char **read_write_paths, **read_only_paths, **inaccessible_paths;
         unsigned long mount_flags;
 
         uint64_t capability_bounding_set;
-
         uint64_t capability_ambient_set;
-
-        cap_t capabilities;
         int secure_bits;
 
         int syslog_priority;
@@ -195,6 +193,9 @@ struct ExecContext {
         char **runtime_directory;
         mode_t runtime_directory_mode;
 
+        bool memory_deny_write_execute;
+        bool restrict_realtime;
+
         bool oom_score_adjust_set:1;
         bool nice_set:1;
         bool ioprio_set:1;