authorLennart Poettering <lennart@poettering.net>2017-08-09 16:09:04 +0200
committerLennart Poettering <lennart@poettering.net>2017-08-10 15:04:32 +0200
commit165a31c0dbd658444b6f03c95365554200740ebb (patch)
treea00b994a346777851e1ce52fb01176b318b5f0d9 /src/core/execute.h
parentcapability: add new ambient_capabilities_supported() helper (diff)
core: add two new special ExecStart= character prefixes
This patch adds two new special character prefixes to ExecStart= and friends, in addition to the existing "-", "@" and "+": "!" → much like "+", except with a much reduced effect, as it only disables the actual setresuid()/setresgid()/setgroups() calls but leaves all other security features on, including namespace options. This is very useful in combination with RuntimeDirectory= or DynamicUser= and similar options, as a user is still allocated and used for the runtime directory, but the actual UID/GID dropping is left to the daemon process itself. This should make RuntimeDirectory= a lot more useful for daemons which insist on doing their own privilege dropping. "!!" → Similar to "!", but on systems supporting ambient caps this becomes a NOP. This makes it relatively straightforward to write unit files that make use of ambient capabilities to let systemd drop all privs while retaining compatibility with systems that lack ambient caps, where privilege dropping is left to the daemon code itself. This is an alternative approach to #6564 and related PRs.
Diffstat (limited to 'src/core/execute.h')
-rw-r--r--src/core/execute.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/core/execute.h b/src/core/execute.h
index 0c5811c5bd..9a28269283 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -91,6 +91,8 @@ struct ExecStatus {
typedef enum ExecCommandFlags {
EXEC_COMMAND_IGNORE_FAILURE = 1,
EXEC_COMMAND_FULLY_PRIVILEGED = 2,
+ EXEC_COMMAND_NO_SETUID = 4,
+ EXEC_COMMAND_AMBIENT_MAGIC = 8,
} ExecCommandFlags;
struct ExecCommand {
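Review bot: The two new enumerators EXEC_COMMAND_NO_SETUID and EXEC_COMMAND_AMBIENT_MAGIC are added without any comment, even though they change which privilege-dropping steps are skipped for a command and their names do not say which prefix maps to which flag or that the second one is conditional on kernel support. I would document them in place, e.g. `EXEC_COMMAND_NO_SETUID = 4,     /* "!" prefix: skip setresuid()/setresgid()/setgroups(), keep every other sandboxing option */` and `EXEC_COMMAND_AMBIENT_MAGIC = 8, /* "!!" prefix: like NO_SETUID, but becomes a no-op where ambient capabilities are supported */`, so a reader of the header learns the contract the commit message describes. The code that consumes these bits lives in execute.c and is not in this diff, so whether NO_SETUID is meaningful when FULLY_PRIVILEGED is also set cannot be confirmed here; a one-line comment on that interaction would be worth adding once it is settled. The ExecCommandFlags enum is complete within the hunk, but struct ExecCommand continues past its last line.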