From e7abfc94824b5d0f9752ebcfc303e128060609a3 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 4 Nov 2019 10:12:22 +0100 Subject: pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts * modules/pam_namespace/namespace.conf.5.xml: Add documentation for the noexec, nosuid, and nodev flags support. * modules/pam_namespace/pam_namespace.c (filter_mntopts): New function to filter out the flags. (parse_method): Call the function. (ns_setup): Apply the flags to the tmpfs mount. * modules/pam_namespace/pam_namespace.h: Add mount_flags to polydir_s struct.
---
 modules/pam_namespace/pam_namespace.h | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/pam_namespace/pam_namespace.h')
diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h
index 47ebcc33..1522386a 100644
--- a/modules/pam_namespace/pam_namespace.h
+++ b/modules/pam_namespace/pam_namespace.h
@@ -166,6 +166,7 @@ struct polydir_s {
 unsigned int flags; /* polydir flags */
 char *init_script; /* path to init script */
 char *mount_opts; /* mount options for tmpfs mount */
+ unsigned long mount_flags; /* mount flags for tmpfs mount */
 uid_t owner; /* user which should own the polydir */
 gid_t group; /* group which should own the polydir */
 mode_t mode; /* mode of the polydir */
-- cgit v1.2.3
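Review bot: The comment on the new `mount_flags` field does not say which bits it can hold or how it relates to `mount_opts` directly above it. Going by the commit message, filter_mntopts takes noexec, nosuid and nodev out of the option string and ns_setup applies this field to the tmpfs mount, so I would write `unsigned long mount_flags; /* MS_NOEXEC, MS_NOSUID, MS_NODEV bits filtered out of mount_opts */`. Because these bits are what restrict the polyinstantiated tmpfs, it is also worth confirming in pam_namespace.c, which this diff does not show, that every polydir_s is zero-initialised before parse_method fills it in, so an entry without these options mounts with flags 0 rather than an indeterminate value. struct polydir_s begins and ends outside the hunk.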