Merge pull request #4536 from poettering/seccomp-namespaces

author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Wed, 9 Nov 2016 00:54:21 +0000 (19:54 -0500)

committer GitHub <noreply@github.com>

Wed, 9 Nov 2016 00:54:21 +0000 (19:54 -0500)
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 9 Nov 2016 00:54:21 +0000 (19:54 -0500)
committer GitHub <noreply@github.com>
Wed, 9 Nov 2016 00:54:21 +0000 (19:54 -0500)
diff --cc Makefile.am
Simple merge
diff --cc TODO
Simple merge
diff --cc src/core/execute.c
Simple merge
diff --cc src/core/load-fragment.c

index 75c048a23e91d36508710772d999fa554050d253,e0fa484c1e8edf2fbcb2ee4baf4c44b5d6968e30..52079980d8357f22cacd0e9b773cbeda8e1aecea
--- 1/src/core/load-fragment.c
--- 2/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@@ -2918,7 -2902,59 +2918,55 @@@ int config_parse_address_families
                   } else
                           set_remove(c->address_families, INT_TO_PTR(af));
           }
- -        if (!isempty(state))
- -                log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
- -
- -        return 0;
   }
+ 
+ int config_parse_restrict_namespaces(
+                 const char *unit,
+                 const char *filename,
+                 unsigned line,
+                 const char *section,
+                 unsigned section_line,
+                 const char *lvalue,
+                 int ltype,
+                 const char *rvalue,
+                 void *data,
+                 void *userdata) {
+ 
+         ExecContext *c = data;
+         bool invert = false;
+         int r;
+ 
+         if (isempty(rvalue)) {
+                 /* Reset to the default. */
+                 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
+                 return 0;
+         }
+ 
+         if (rvalue[0] == '~') {
+                 invert = true;
+                 rvalue++;
+         }
+ 
+         r = parse_boolean(rvalue);
+         if (r > 0)
+                 c->restrict_namespaces = 0;
+         else if (r == 0)
+                 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
+         else {
+                 /* Not a boolean argument, in this case it's a list of namespace types. */
+ 
+                 r = namespace_flag_from_string_many(rvalue, &c->restrict_namespaces);
+                 if (r < 0) {
+                         log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
+                         return 0;
+                 }
+         }
+ 
+         if (invert)
+                 c->restrict_namespaces = (~c->restrict_namespaces) & NAMESPACE_FLAGS_ALL;
+ 
+         return 0;
+ }
   #endif
   
   int config_parse_unit_slice(
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 9 Nov 2016 00:54:21 +0000 (19:54 -0500)
committer	GitHub <noreply@github.com>
	Wed, 9 Nov 2016 00:54:21 +0000 (19:54 -0500)
		1	2
Makefile.am	patch \|	diff1 \|	diff2 \|	blob \| history
TODO	patch \|	diff1 \|	diff2 \|	blob \| history
src/core/execute.c	patch \|	diff1 \|	diff2 \|	blob \| history
src/core/load-fragment.c	patch \|	diff1 \|	diff2 \|	blob \| history