Skip to content

Commit 3e094de

Browse files
kenyonkenyon
authored
Merge pull request #579 from DarthRL/allow-more-security-options
Allow more security-related options in Service units
2 parents 7d8598c + 910969e commit 3e094de

File tree

2 files changed

+12
-0
lines changed

2 files changed

+12
-0
lines changed

REFERENCE.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5882,6 +5882,11 @@ Struct[{
58825882
Optional['ExecPaths'] => Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/]],1]],
58835883
Optional['NoExecPaths'] => Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/]],1]],
58845884
Optional['PrivateDevices'] => Boolean,
5885+
Optional['PrivateNetwork'] => Boolean,
5886+
Optional['PrivateIPC'] => Boolean,
5887+
Optional['PrivatePIDs'] => Boolean,
5888+
Optional['PrivateBPF'] => Boolean,
5889+
Optional['PrivateMounts'] => Boolean,
58855890
Optional['RemoveIPC'] => Boolean,
58865891
Optional['ProtectKernelModules'] => Boolean,
58875892
Optional['ProtectKernelTunables'] => Boolean,
@@ -5909,6 +5914,7 @@ Struct[{
59095914
Optional['RootImageOptions'] => String,
59105915
Optional['RootEphemeral'] => Boolean,
59115916
Optional['RootHash'] => String,
5917+
Optional['RootDirectory'] => Stdlib::Unixpath,
59125918
Optional['LoadCredential'] => Variant[String[0],Array[String[0],1]],
59135919
Optional['LoadCredentialEncrypted'] => Variant[String[0],Array[String[0],1]],
59145920
Optional['SetCredential'] => Variant[String[0],Array[String[0],1]],

types/unit/service.pp

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -118,6 +118,11 @@
118118
Optional['ExecPaths'] => Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/]],1]],
119119
Optional['NoExecPaths'] => Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/], Array[Variant[Stdlib::Unixpath,Pattern[/^-?\+?\/.+/]],1]],
120120
Optional['PrivateDevices'] => Boolean,
121+
Optional['PrivateNetwork'] => Boolean,
122+
Optional['PrivateIPC'] => Boolean,
123+
Optional['PrivatePIDs'] => Boolean,
124+
Optional['PrivateBPF'] => Boolean,
125+
Optional['PrivateMounts'] => Boolean,
121126
Optional['RemoveIPC'] => Boolean,
122127
Optional['ProtectKernelModules'] => Boolean,
123128
Optional['ProtectKernelTunables'] => Boolean,
@@ -145,6 +150,7 @@
145150
Optional['RootImageOptions'] => String,
146151
Optional['RootEphemeral'] => Boolean,
147152
Optional['RootHash'] => String,
153+
Optional['RootDirectory'] => Stdlib::Unixpath,
148154
Optional['LoadCredential'] => Variant[String[0],Array[String[0],1]],
149155
Optional['LoadCredentialEncrypted'] => Variant[String[0],Array[String[0],1]],
150156
Optional['SetCredential'] => Variant[String[0],Array[String[0],1]],

0 commit comments

Comments
 (0)