30874dda3a
Let's generalize this, so that we can use this in nspawn later on, which is pretty useful as we need to be able to mask files from the inner child of nspawn too, where the host's /run/systemd/inaccessible directory is not visible anymore. Moreover, if nspawn can create these nodes on its own before the payload this means the payload can run with fewer privileges.
9 lines
206 B
C
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

#include <sys/types.h>

int dev_setup(const char *prefix, uid_t uid, gid_t gid);

int make_inaccessible_nodes(const char *root, uid_t uid, gid_t gid);
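The commit message above describes creating the inaccessible nodes under an arbitrary root so that files can be masked where the host's /run/systemd/inaccessible is not visible. A sketch of that idea as an added example, not systemd's implementation: the name sketch_make_inaccessible_nodes, the inaccessible/ directory placement and the node names reg, dir, fifo and sock are assumptions, and character and block device nodes are left out because creating them needs CAP_MKNOD.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* for mknod(), lchown(), S_IFSOCK under strict -std */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Added illustration, not systemd's code. Directory and node names are assumed. */
static const struct { const char *name; mode_t type; } sketch_nodes[] = {
        { "reg", S_IFREG }, { "dir", S_IFDIR }, { "fifo", S_IFIFO }, { "sock", S_IFSOCK },
};

/* Create one mode-0000 node per file type under <root>/inaccessible and give
 * it to uid/gid. A file is then masked by bind-mounting the node of matching
 * type over it. Returns 0 or a negative errno; calling it twice is harmless. */
int sketch_make_inaccessible_nodes(const char *root, uid_t uid, gid_t gid) {
        char dir[PATH_MAX], path[PATH_MAX + 16];
        int n, rc;

        n = snprintf(dir, sizeof dir, "%s/inaccessible", root);
        if (n < 0 || n >= (int) sizeof dir)
                return -ENAMETOOLONG;
        if (mkdir(dir, 0755) < 0 && errno != EEXIST)
                return -errno;

        for (size_t i = 0; i < sizeof sketch_nodes / sizeof sketch_nodes[0]; i++) {
                mode_t t = sketch_nodes[i].type;
                snprintf(path, sizeof path, "%s/%s", dir, sketch_nodes[i].name);
                /* No permission bits are set, so unprivileged opens fail. */
                rc = S_ISDIR(t) ? mkdir(path, 0000) : mknod(path, t | 0000, 0);
                if (rc < 0 && errno != EEXIST)
                        return -errno;
                if (lchown(path, uid, gid) < 0)
                        return -errno;
        }
        return 0;
}

int main(int argc, char **argv) {
        int r = argc == 2 ? sketch_make_inaccessible_nodes(argv[1], getuid(), getgid()) : -EINVAL;
        if (r < 0)
                fprintf(stderr, "usage: %s ROOT (%s)\n", argv[0], strerror(-r));
        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```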