core: ProtectHostname= feature

Let services use a private UTS namespace. In addition, a seccomp filter is installed on set{host,domain}name and a ro bind mounts on /proc/sys/kernel/{host,domain}name.
author: Topi Miettinen <toiwoton@gmail.com> 2019-02-08 19:25:00 +0200
committer: Topi Miettinen <toiwoton@gmail.com> 2019-02-20 10:50:44 +0200
commit: aecd5ac6218f6291186b530b89cf2e97333fffc0 (patch)
tree: b62af068d107195fbc6b67cca60d48f7236a2d36 /src/shared/bus-unit-util.c
parent: a6fe3b48941cebcb64a691db162ef2b9148bbccb (diff)
download: systemd-aecd5ac6218f6291186b530b89cf2e97333fffc0.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 9a8051d063..d4643403c7 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -740,7 +740,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
                        "PrivateMounts", "NoNewPrivileges", "SyslogLevelPrefix",
                        "MemoryDenyWriteExecute", "RestrictRealtime", "DynamicUser", "RemoveIPC",
                        "ProtectKernelTunables", "ProtectKernelModules", "ProtectControlGroups",
-                       "MountAPIVFS", "CPUSchedulingResetOnFork", "LockPersonality"))
+                       "MountAPIVFS", "CPUSchedulingResetOnFork", "LockPersonality", "ProtectHostname"))
 
                 return bus_append_parse_boolean(m, field, eq);
author	Topi Miettinen <toiwoton@gmail.com>	2019-02-08 19:25:00 +0200
committer	Topi Miettinen <toiwoton@gmail.com>	2019-02-20 10:50:44 +0200
commit	aecd5ac6218f6291186b530b89cf2e97333fffc0 (patch)
tree	b62af068d107195fbc6b67cca60d48f7236a2d36 /src/shared/bus-unit-util.c
parent	a6fe3b48941cebcb64a691db162ef2b9148bbccb (diff)
download	systemd-aecd5ac6218f6291186b530b89cf2e97333fffc0.tar.gz