diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2022-09-12 22:24:03 +1000 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2022-09-13 05:31:51 +0200 |
| commit | d72a1e7bb96b461eb47d921436f7fe344e7b268a (patch) | |
| tree | 907c832672c6f241aac406b6b3dc72ebaa879f64 /isolation.h | |
| parent | 5d3b50c1006590c4b5aab7339203880caa8f2525 (diff) | |
| download | passt-d72a1e7bb96b461eb47d921436f7fe344e7b268a.tar passt-d72a1e7bb96b461eb47d921436f7fe344e7b268a.tar.gz passt-d72a1e7bb96b461eb47d921436f7fe344e7b268a.tar.bz2 passt-d72a1e7bb96b461eb47d921436f7fe344e7b268a.tar.lz passt-d72a1e7bb96b461eb47d921436f7fe344e7b268a.tar.xz passt-d72a1e7bb96b461eb47d921436f7fe344e7b268a.tar.zst passt-d72a1e7bb96b461eb47d921436f7fe344e7b268a.zip | |
Move self-isolation code into a separate file
passt/pasta contains a number of routines designed to isolate passt from
the rest of the system for security. These are spread through util.c and
passt.c. Move them together into a new isolation.c file.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'isolation.h')
| -rw-r--r-- | isolation.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/isolation.h b/isolation.h new file mode 100644 index 0000000..2540a35 --- /dev/null +++ b/isolation.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: AGPL-3.0-or-later + * Copyright Red Hat + * Author: Stefano Brivio <sbrivio@redhat.com> + * Author: David Gibson <david@gibson.dropbear.id.au> + */ + +#ifndef ISOLATION_H +#define ISOLATION_H + +void drop_caps(void); +void drop_root(uid_t uid, gid_t gid); +int sandbox(struct ctx *c); +void seccomp(const struct ctx *c); + +#endif /* ISOLATION_H */ |