core: ProtectHostname= feature

Let services use a private UTS namespace. In addition, a seccomp filter is installed on set{host,domain}name and a ro bind mounts on /proc/sys/kernel/{host,domain}name.
author: Topi Miettinen <toiwoton@gmail.com> 2019-02-08 19:25:00 +0200
committer: Topi Miettinen <toiwoton@gmail.com> 2019-02-20 10:50:44 +0200
commit: aecd5ac6218f6291186b530b89cf2e97333fffc0 (patch)
tree: b62af068d107195fbc6b67cca60d48f7236a2d36 /src/shared/seccomp-util.h
parent: a6fe3b48941cebcb64a691db162ef2b9148bbccb (diff)
download: systemd-aecd5ac6218f6291186b530b89cf2e97333fffc0.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/shared/seccomp-util.h b/src/shared/seccomp-util.h
index d8a36c4e21..477400237b 100644
--- a/src/shared/seccomp-util.h
+++ b/src/shared/seccomp-util.h
@@ -85,6 +85,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist);
 int seccomp_restrict_realtime(void);
 int seccomp_memory_deny_write_execute(void);
 int seccomp_lock_personality(unsigned long personality);
+int seccomp_protect_hostname(void);
 
 extern const uint32_t seccomp_local_archs[];
author	Topi Miettinen <toiwoton@gmail.com>	2019-02-08 19:25:00 +0200
committer	Topi Miettinen <toiwoton@gmail.com>	2019-02-20 10:50:44 +0200
commit	aecd5ac6218f6291186b530b89cf2e97333fffc0 (patch)
tree	b62af068d107195fbc6b67cca60d48f7236a2d36 /src/shared/seccomp-util.h
parent	a6fe3b48941cebcb64a691db162ef2b9148bbccb (diff)
download	systemd-aecd5ac6218f6291186b530b89cf2e97333fffc0.tar.gz