core: ProtectHostname= feature

Let services use a private UTS namespace. In addition, a seccomp filter is installed on set{host,domain}name and a ro bind mounts on /proc/sys/kernel/{host,domain}name.
author: Topi Miettinen <toiwoton@gmail.com> 2019-02-08 19:25:00 +0200
committer: Topi Miettinen <toiwoton@gmail.com> 2019-02-20 10:50:44 +0200
commit: aecd5ac6218f6291186b530b89cf2e97333fffc0 (patch)
tree: b62af068d107195fbc6b67cca60d48f7236a2d36 /src/core/execute.h
parent: a6fe3b48941cebcb64a691db162ef2b9148bbccb (diff)
download: systemd-aecd5ac6218f6291186b530b89cf2e97333fffc0.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/core/execute.h b/src/core/execute.h
index 0f1bf56744..12a6e92b65 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -272,6 +272,7 @@ struct ExecContext {
 
         bool memory_deny_write_execute;
         bool restrict_realtime;
+        bool protect_hostname;
 
         bool oom_score_adjust_set:1;
         bool nice_set:1;
author	Topi Miettinen <toiwoton@gmail.com>	2019-02-08 19:25:00 +0200
committer	Topi Miettinen <toiwoton@gmail.com>	2019-02-20 10:50:44 +0200
commit	aecd5ac6218f6291186b530b89cf2e97333fffc0 (patch)
tree	b62af068d107195fbc6b67cca60d48f7236a2d36 /src/core/execute.h
parent	a6fe3b48941cebcb64a691db162ef2b9148bbccb (diff)
download	systemd-aecd5ac6218f6291186b530b89cf2e97333fffc0.tar.gz