bool protect_control_groups:1;
bool protect_kernel_tunables:1;
bool protect_kernel_modules:1;
+ bool protect_kernel_logs:1;
bool mount_apivfs:1;
+ bool protect_hostname:1;
};
struct BindMount {
char *source;
char *destination;
bool read_only:1;
+ bool nosuid:1;
bool recursive:1;
bool ignore_enoent:1;
};
size_t n_temporary_filesystems,
const char *tmp_dir,
const char *var_tmp_dir,
+ const char *log_namespace,
ProtectHome protect_home,
ProtectSystem protect_system,
unsigned long mount_flags,
- DissectImageFlags dissected_image_flags);
+ const void *root_hash,
+ size_t root_hash_size,
+ const char *root_hash_path,
+ const void *root_hash_sig,
+ size_t root_hash_sig_size,
+ const char *root_hash_sig_path,
+ const char *root_verity,
+ DissectImageFlags dissected_image_flags,
+ char **error_path);
int setup_tmp_dirs(
const char *id,
char **tmp_dir,
char **var_tmp_dir);
-int setup_netns(int netns_storage_socket[static 2]);
+int setup_netns(const int netns_storage_socket[static 2]);
+int open_netns_path(const int netns_storage_socket[static 2], const char *path);
const char* protect_home_to_string(ProtectHome p) _const_;
ProtectHome protect_home_from_string(const char *s) _pure_;