Move self-isolation code into a separate file
passt/pasta contains a number of routines designed to isolate passt from the rest of the system for security. These are spread through util.c and passt.c. Move them together into a new isolation.c file. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

committed by
Stefano Brivio

parent
5d3b50c100
commit
d72a1e7bb9
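--- a/isolation.h
+++ b/isolation.h
@@ -0,0 +1,15 @@
+/* SPDX-License-Identifier: AGPL-3.0-or-later
+* Copyright Red Hat
+* Author: Stefano Brivio <sbrivio@redhat.com>
+* Author: David Gibson <david@gibson.dropbear.id.au>
+*/
+
+#ifndef ISOLATION_H
+#define ISOLATION_H
+
+void drop_caps(void);
+void drop_root(uid_t uid, gid_t gid);
+int sandbox(struct ctx *c);
+void seccomp(const struct ctx *c);
+
+#endif /* ISOLATION_H */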
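Review bot: isolation.h is not self-contained: the prototypes for `drop_root()`, `sandbox()` and `seccomp()` use `uid_t`, `gid_t` and `struct ctx`, but the header neither includes `<sys/types.h>` nor declares `struct ctx`. It therefore compiles only when every includer pulls in those definitions first, and a `struct ctx` first seen inside a parameter list is scoped to that prototype alone. Adding `#include <sys/types.h>` and a forward declaration `struct ctx;` right after the include guard would remove the ordering dependency. These four functions are the privilege-dropping and sandboxing entry points, so each prototype also deserves a short comment stating how failure is reported. `sandbox()` returns `int`, while `drop_caps()`, `drop_root()` and `seccomp()` return `void`, so the header does not show whether a failed drop aborts the process or is ignored.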