core: make unit argument const for apply seccomp functions

author Djalal Harouni <tixxdz@opendz.org>

Thu, 27 Oct 2016 07:39:20 +0000 (09:39 +0200)

committer Djalal Harouni <tixxdz@opendz.org>

Thu, 27 Oct 2016 07:40:22 +0000 (09:40 +0200)
author Djalal Harouni <tixxdz@opendz.org>
Thu, 27 Oct 2016 07:39:20 +0000 (09:39 +0200)
committer Djalal Harouni <tixxdz@opendz.org>
Thu, 27 Oct 2016 07:40:22 +0000 (09:40 +0200)
diff --git a/src/core/execute.c b/src/core/execute.c

index a9e39f6fd76fe7c56ce1b9f11fa4b2fae0751fcd..7f343c49026086f0e212d34d63ea577d2ae2f81f 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1470,7 +1470,7 @@ finish:
          return r;
  }
  
-static int apply_protect_sysctl(Unit *u, const ExecContext *c) {
+static int apply_protect_sysctl(const Unit *u, const ExecContext *c) {
          scmp_filter_ctx seccomp;
          int r;
  
@@ -1501,7 +1501,7 @@ finish:
          return r;
  }
  
-static int apply_protect_kernel_modules(Unit *u, const ExecContext *c) {
+static int apply_protect_kernel_modules(const Unit *u, const ExecContext *c) {
          assert(c);
  
          /* Turn off module syscalls on ProtectKernelModules=yes */
@@ -1512,7 +1512,7 @@ static int apply_protect_kernel_modules(Unit *u, const ExecContext *c) {
          return seccomp_load_filter_set(SCMP_ACT_ALLOW, syscall_filter_sets + SYSCALL_FILTER_SET_MODULE, SCMP_ACT_ERRNO(EPERM));
  }
  
-static int apply_private_devices(Unit *u, const ExecContext *c) {
+static int apply_private_devices(const Unit *u, const ExecContext *c) {
          assert(c);
  
          /* If PrivateDevices= is set, also turn off iopl and all @raw-io syscalls. */
author	Djalal Harouni <tixxdz@opendz.org>
	Thu, 27 Oct 2016 07:39:20 +0000 (09:39 +0200)
committer	Djalal Harouni <tixxdz@opendz.org>
	Thu, 27 Oct 2016 07:40:22 +0000 (09:40 +0200)