diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2019-02-08 19:25:00 +0200 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2019-02-20 10:50:44 +0200 |
commit | aecd5ac6218f6291186b530b89cf2e97333fffc0 (patch) | |
tree | b62af068d107195fbc6b67cca60d48f7236a2d36 /src/shared/seccomp-util.h | |
parent | a6fe3b48941cebcb64a691db162ef2b9148bbccb (diff) | |
download | systemd-aecd5ac6218f6291186b530b89cf2e97333fffc0.tar.gz |
core: ProtectHostname= feature
Let services use a private UTS namespace. In addition, a seccomp filter is
installed on set{host,domain}name and a ro bind mounts on
/proc/sys/kernel/{host,domain}name.
Diffstat (limited to 'src/shared/seccomp-util.h')
-rw-r--r-- | src/shared/seccomp-util.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h index d8a36c4e21..477400237b 100644 --- a/src/shared/seccomp-util.h +++ b/src/shared/seccomp-util.h @@ -85,6 +85,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist); int seccomp_restrict_realtime(void); int seccomp_memory_deny_write_execute(void); int seccomp_lock_personality(unsigned long personality); +int seccomp_protect_hostname(void); extern const uint32_t seccomp_local_archs[]; |