d72a1e7bb9
passt/pasta contains a number of routines designed to isolate passt from the rest of the system for security. These are spread through util.c and passt.c. Move them together into a new isolation.c file. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
15 lines
363 B
C
15 lines
363 B
C
/* SPDX-License-Identifier: AGPL-3.0-or-later
|
|
* Copyright Red Hat
|
|
* Author: Stefano Brivio <sbrivio@redhat.com>
|
|
* Author: David Gibson <david@gibson.dropbear.id.au>
|
|
*/
|
|
|
|
#ifndef ISOLATION_H
|
|
#define ISOLATION_H
|
|
|
|
void drop_caps(void);
|
|
void drop_root(uid_t uid, gid_t gid);
|
|
int sandbox(struct ctx *c);
|
|
void seccomp(const struct ctx *c);
|
|
|
|
#endif /* ISOLATION_H */
|