core: add RootHashSignature service parameter

[thirdparty/systemd.git] / src / core / namespace.h

diff --git a/src/core/namespace.h b/src/core/namespace.h
index 5e0ec97969d0d1c700f6b924e6b485415d8bf847..b04b9b442ea3bddeb1b9a4855081ec77869fd091 100644 (file)
--- a/src/core/namespace.h
+++ b/src/core/namespace.h
@@ -51,13 +51,16 @@ struct NamespaceInfo {
         bool protect_control_groups:1;
         bool protect_kernel_tunables:1;
         bool protect_kernel_modules:1;
+        bool protect_kernel_logs:1;
         bool mount_apivfs:1;
+        bool protect_hostname:1;
 };
 
 struct BindMount {
         char *source;
         char *destination;
         bool read_only:1;
+        bool nosuid:1;
         bool recursive:1;
         bool ignore_enoent:1;
 };
@@ -81,17 +84,27 @@ int setup_namespace(
                 size_t n_temporary_filesystems,
                 const char *tmp_dir,
                 const char *var_tmp_dir,
+                const char *log_namespace,
                 ProtectHome protect_home,
                 ProtectSystem protect_system,
                 unsigned long mount_flags,
-                DissectImageFlags dissected_image_flags);
+                const void *root_hash,
+                size_t root_hash_size,
+                const char *root_hash_path,
+                const void *root_hash_sig,
+                size_t root_hash_sig_size,
+                const char *root_hash_sig_path,
+                const char *root_verity,
+                DissectImageFlags dissected_image_flags,
+                char **error_path);
 
 int setup_tmp_dirs(
                 const char *id,
                 char **tmp_dir,
                 char **var_tmp_dir);
 
-int setup_netns(int netns_storage_socket[static 2]);
+int setup_netns(const int netns_storage_socket[static 2]);
+int open_netns_path(const int netns_storage_socket[static 2], const char *path);
 
 const char* protect_home_to_string(ProtectHome p) _const_;
 ProtectHome protect_home_from_string(const char *s) _pure_;