Merge pull request #4536 from poettering/seccomp-namespaces

core: add new RestrictNamespaces= unit file setting

Merging, not rebasing, because this touches many files and there were tree-wide cleanups in the mean time.

1 files changed, 0 insertions, 6 deletions

diff --git a/TODO b/TODO
index 6d70496393..baaac9407f 100644
--- a/TODO
+++ b/TODO
@@ -56,14 +56,10 @@ Features:
 
 * define gpt header bits to select volatility mode
 
-* nspawn: mount loopback filesystems with "discard"
-
 * ProtectKernelLogs= (drops CAP_SYSLOG, add seccomp for syslog() syscall, and DeviceAllow to /dev/kmsg) in service files
 
 * ProtectClock= (drops CAP_SYS_TIMES, adds seecomp filters for settimeofday, adjtimex), sets DeviceAllow o /dev/rtc
 
-* ProtectKernelModules= (drops CAP_SYS_MODULE and filters the kmod syscalls)
-
 * ProtectTracing= (drops CAP_SYS_PTRACE, blocks ptrace syscall, makes /sys/kernel/tracing go away)
 
 * ProtectMount= (drop mount/umount/pivot_root from seccomp, disallow fuse via DeviceAllow, imply Mountflags=slave)
@@ -85,8 +81,6 @@ Features:
 
 * Add RootImage= for mounting a disk image or file as root directory
 
-* RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone)
-
 * make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
 
 * journalctl: make sure -f ends when the container indicated by -M terminates