author | Iago López Galeiras <iagol@microsoft.com> | 2021-02-11 16:59:30 +0100 |
---|---|---|
committer | Iago Lopez Galeiras <iagol@microsoft.com> | 2021-10-06 10:52:14 +0200 |
commit | e59ccd035c94a8448d9b99bb0b8056ed3d3a339c (patch) | |
tree | 594049fe756c6a7fcaa6d439b1e81aa9f7369614 /src/core/bpf-lsm.h | |
parent | b1994387d3cb50b212fc4815941a8ff40d60cd85 (diff) | |
download | systemd-e59ccd035c94a8448d9b99bb0b8056ed3d3a339c.tar.gz |
core: add RestrictFileSystems= fragment parser
It takes an allow or deny list of filesystems services should have
access to.
Diffstat (limited to 'src/core/bpf-lsm.h')
-rw-r--r-- | src/core/bpf-lsm.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/core/bpf-lsm.h b/src/core/bpf-lsm.h
index 625fb32b50..8bd58a29e5 100644
--- a/src/core/bpf-lsm.h
+++ b/src/core/bpf-lsm.h
@@ -3,6 +3,12 @@
 #include "hashmap.h"
+typedef enum FilesystemParseFlags {
+ FILESYSTEM_PARSE_INVERT = 1 << 0,
+ FILESYSTEM_PARSE_ALLOW_LIST = 1 << 1,
+ FILESYSTEM_PARSE_LOG = 1 << 2,
+} FilesystemParseFlags;
+
 typedef struct Unit Unit;
 typedef struct Manager Manager;
@@ -14,3 +20,9 @@ int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allo
 int lsm_bpf_cleanup(const Unit *u);
 int lsm_bpf_map_restrict_fs_fd(Unit *u);
 void lsm_bpf_destroy(struct restrict_fs_bpf *prog);
+int lsm_bpf_parse_filesystem(const char *name,
+ Set **filesystems,
+ FilesystemParseFlags flags,
+ const char *unit,
+ const char *filename,
+ unsigned line); |
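Review bot: The `FilesystemParseFlags` values in the first hunk and the `lsm_bpf_parse_filesystem()` prototype in the second are added without comments, so the header does not say how `FILESYSTEM_PARSE_INVERT` and `FILESYSTEM_PARSE_ALLOW_LIST` combine. For a sandboxing setting that matters: a caller who gets the combination wrong builds a set with the opposite meaning, and the restriction fails open. I would add a comment above the enum along the lines of `/* ALLOW_LIST: *filesystems is an allow-list; INVERT: this entry was given negated; LOG: warn about unknown names */`, with the wording checked against the implementation, which is not part of this page. The prototype should get a short comment stating whether `*filesystems` is allocated on demand, what an unknown `name` returns with and without `FILESYSTEM_PARSE_LOG`, and that `unit`, `filename` and `line` are presumably only used for log messages.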