return 0;
}
+static unsigned namespace_calculate_mounts(
+ char** read_write_paths,
+ char** read_only_paths,
+ char** inaccessible_paths,
+ const char* tmp_dir,
+ const char* var_tmp_dir,
+ bool private_dev,
+ bool protect_sysctl,
+ bool protect_cgroups,
+ ProtectHome protect_home,
+ ProtectSystem protect_system) {
+
+ return !!tmp_dir + !!var_tmp_dir +
+ strv_length(read_write_paths) +
+ strv_length(read_only_paths) +
+ strv_length(inaccessible_paths) +
+ private_dev +
+ (protect_sysctl ? ELEMENTSOF(protect_kernel_tunables_table) : 0) +
+ (protect_cgroups ? 1 : 0) +
+ (protect_home != PROTECT_HOME_NO || protect_system == PROTECT_SYSTEM_STRICT ? 3 : 0) +
+ (protect_system == PROTECT_SYSTEM_STRICT ?
+ (2 + !private_dev + !protect_sysctl) :
+ ((protect_system != PROTECT_SYSTEM_NO ? 3 : 0) +
+ (protect_system == PROTECT_SYSTEM_FULL ? 1 : 0)));
+}
+
int setup_namespace(
const char* root_directory,
char** read_write_paths,
if (mount_flags == 0)
mount_flags = MS_SHARED;
- n = !!tmp_dir + !!var_tmp_dir +
- strv_length(read_write_paths) +
- strv_length(read_only_paths) +
- strv_length(inaccessible_paths) +
- private_dev +
- (protect_sysctl ? ELEMENTSOF(protect_kernel_tunables_table) : 0) +
- (protect_cgroups ? 1 : 0) +
- (protect_home != PROTECT_HOME_NO || protect_system == PROTECT_SYSTEM_STRICT ? 3 : 0) +
- (protect_system == PROTECT_SYSTEM_STRICT ?
- (2 + !private_dev + !protect_sysctl) :
- ((protect_system != PROTECT_SYSTEM_NO ? 3 : 0) +
- (protect_system == PROTECT_SYSTEM_FULL ? 1 : 0)));
+ n = namespace_calculate_mounts(read_write_paths,
+ read_only_paths,
+ inaccessible_paths,
+ tmp_dir, var_tmp_dir,
+ private_dev, protect_sysctl,
+ protect_cgroups, protect_home,
+ protect_system);
+ /* Set mount slave mode */
if (root_directory || n > 0)
make_slave = true;
projects / thirdparty / systemd.git / commitdiff
