From 3167f78a1100349aca1c8760c7f2c340ea60cf06 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 9 Aug 2017 20:52:54 +0200
Subject: [PATCH] core: open up LockPersonality= for transient units
Let's make "systemd-run -p LockPersonality=1 -t /bin/sh" work.
---
 src/core/dbus-execute.c | 4 +++-
 src/shared/bus-unit-util.c | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index d28e8aafd6..ac7cd7fd0c 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1696,7 +1696,7 @@ int bus_exec_context_set_transient_property(
 "NoNewPrivileges", "SyslogLevelPrefix", "MemoryDenyWriteExecute", "RestrictRealtime", "DynamicUser", "RemoveIPC", "ProtectKernelTunables", "ProtectKernelModules", "ProtectControlGroups", "MountAPIVFS",
- "CPUSchedulingResetOnFork", "NonBlocking")) {
+ "CPUSchedulingResetOnFork", "NonBlocking", "LockPersonality")) {
 int b;
 r = sd_bus_message_read(message, "b", &b);
@@ -1744,6 +1744,8 @@ int bus_exec_context_set_transient_property(
 c->cpu_sched_reset_on_fork = b;
 else if (streq(name, "NonBlocking"))
 c->non_blocking = b;
+ else if (streq(name, "LockPersonality"))
+ c->lock_personality = b;
 unit_write_drop_in_private_format(u, mode, name, "%s=%s", name, yes_no(b));
 }
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 1e720004c9..98a6ada9f2 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -214,7 +214,7 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen
 "SyslogLevelPrefix", "Delegate", "RemainAfterElapse", "MemoryDenyWriteExecute", "RestrictRealtime", "DynamicUser", "RemoveIPC", "ProtectKernelTunables", "ProtectKernelModules", "ProtectControlGroups", "MountAPIVFS",
- "CPUSchedulingResetOnFork")) {
+ "CPUSchedulingResetOnFork", "LockPersonality")) {
 r = parse_boolean(eq);
 if (r < 0)
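Review bot: The name list extended in the first hunk and the `else if (streq(name, ...))` chain extended in the second hunk are two hand-maintained enumerations of the same properties, and nothing visible ties them together. The second hunk shows `unit_write_drop_in_private_format(...)` running after the chain, so a name accepted by the list but lacking a branch would, as far as these lines show, be persisted to the drop-in without changing the in-memory context; for a hardening switch that is a setting that looks applied but is not. This commit adds both halves (and the separate client-side list in `bus-unit-util.c`, third hunk), but a comment above the list such as `/* every name listed here needs a matching branch in the chain below */` would protect the next addition. Whether the chain already ends in a catch-all `else` cannot be seen, because `bus_exec_context_set_transient_property()` starts and ends outside the hunk.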
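Review bot: The new `LockPersonality` branch only stores the boolean in `c->lock_personality`, and nothing in this hunk says where the lock is enforced or what happens when it cannot be. If enforcement relies on a seccomp filter installed at exec time, as I believe it does for the neighbouring `MemoryDenyWriteExecute` and `RestrictRealtime` switches, then a manager without seccomp support might accept `LockPersonality=yes` over the bus and start the unit unrestricted; please confirm that case is rejected or at least logged. A short comment at the branch, for example `/* stored only; enforcement happens later at exec time */`, would make the dependency visible to readers of this function. The function body continues outside the hunk on both sides.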