core: add RootImage= setting for using a specific image file as root directory for...

[thirdparty/systemd.git] / src / core / execute.h

diff --git a/src/core/execute.h b/src/core/execute.h
index 6082c42aba2c6af3df55ad418d9a5bb5b5b2c638..9f2b6fd39e334111c3996ba43cc4449c963c1212 100644 (file)
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -35,6 +35,7 @@ typedef struct ExecParameters ExecParameters;
 #include "list.h"
 #include "missing.h"
 #include "namespace.h"
+#include "nsflags.h"
 
 typedef enum ExecUtmpMode {
         EXEC_UTMP_INIT,
@@ -50,6 +51,7 @@ typedef enum ExecInput {
         EXEC_INPUT_TTY_FORCE,
         EXEC_INPUT_TTY_FAIL,
         EXEC_INPUT_SOCKET,
+        EXEC_INPUT_NAMED_FD,
         _EXEC_INPUT_MAX,
         _EXEC_INPUT_INVALID = -1
 } ExecInput;
@@ -65,6 +67,7 @@ typedef enum ExecOutput {
         EXEC_OUTPUT_JOURNAL,
         EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
         EXEC_OUTPUT_SOCKET,
+        EXEC_OUTPUT_NAMED_FD,
         _EXEC_OUTPUT_MAX,
         _EXEC_OUTPUT_INVALID = -1
 } ExecOutput;
@@ -103,7 +106,7 @@ struct ExecContext {
         char **pass_environment;
 
         struct rlimit *rlimit[_RLIMIT_MAX];
-        char *working_directory, *root_directory;
+        char *working_directory, *root_directory, *root_image;
         bool working_directory_missing_ok;
         bool working_directory_home;
 
@@ -120,6 +123,7 @@ struct ExecContext {
         ExecInput std_input;
         ExecOutput std_output;
         ExecOutput std_error;
+        char *stdio_fdname[3];
 
         nsec_t timer_slack_nsec;
 
@@ -157,6 +161,8 @@ struct ExecContext {
 
         char **read_write_paths, **read_only_paths, **inaccessible_paths;
         unsigned long mount_flags;
+        BindMount *bind_mounts;
+        unsigned n_bind_mounts;
 
         uint64_t capability_bounding_set;
         uint64_t capability_ambient_set;
@@ -174,6 +180,10 @@ struct ExecContext {
         bool private_users;
         ProtectSystem protect_system;
         ProtectHome protect_home;
+        bool protect_kernel_tunables;
+        bool protect_kernel_modules;
+        bool protect_control_groups;
+        bool mount_apivfs;
 
         bool no_new_privileges;
 
@@ -189,6 +199,8 @@ struct ExecContext {
 
         unsigned long personality;
 
+        unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */
+
         Set *syscall_filter;
         Set *syscall_archs;
         int syscall_errno;
@@ -207,14 +219,19 @@ struct ExecContext {
         bool nice_set:1;
         bool ioprio_set:1;
         bool cpu_sched_set:1;
-        bool no_new_privileges_set:1;
 };
 
+static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
+        assert(c);
+
+        return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL;
+}
+
 typedef enum ExecFlags {
-        EXEC_CONFIRM_SPAWN     = 1U << 0,
-        EXEC_APPLY_PERMISSIONS = 1U << 1,
-        EXEC_APPLY_CHROOT      = 1U << 2,
-        EXEC_APPLY_TTY_STDIN   = 1U << 3,
+        EXEC_APPLY_PERMISSIONS = 1U << 0,
+        EXEC_APPLY_CHROOT      = 1U << 1,
+        EXEC_APPLY_TTY_STDIN   = 1U << 2,
+        EXEC_NEW_KEYRING       = 1U << 3,
 
         /* The following are not used by execute.c, but by consumers internally */
         EXEC_PASS_FDS          = 1U << 4,
@@ -240,6 +257,8 @@ struct ExecParameters {
 
         const char *runtime_prefix;
 
+        const char *confirm_spawn;
+
         usec_t watchdog_usec;
 
         int *idle_pipe;
@@ -281,6 +300,8 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);
 int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root);
 
 int exec_context_load_environment(Unit *unit, const ExecContext *c, char ***l);
+int exec_context_named_iofds(Unit *unit, const ExecContext *c, const ExecParameters *p, int named_iofds[3]);
+const char* exec_context_fdname(const ExecContext *c, int fd_index);
 
 bool exec_context_may_touch_console(ExecContext *c);
 bool exec_context_maintains_privileges(ExecContext *c);