author | Lennart Poettering <lennart@poettering.net> | 2016-06-13 16:54:21 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-06-13 16:54:21 +0200 |
commit | 9ea8e2ce85303bba2a15c7508b1eb905433ad62c (patch) | |
tree | cd5d09b1832a12ca48391e50658d16c414739ca1 /TODO | |
parent | dcd61450026c281c916f12c2affa220e0994ba19 (diff) | |
parent | 54a17e01de048a2275f8861b211f10d11e56407d (diff) |
Merge pull request #3498 from poettering/syscall-filter-fixes
Syscall filter fixes, tighter nspawn seccomp sandbox by default
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -47,6 +47,10 @@ Features: * RestrictNamespaces= or so in services (taking away the ability to create namespaces, with setns, unshare, clone) +* RestrictRealtime= which takes aware ability to create realtime processes + +* nspawn: make /proc/sys/net writable? + * make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things * journalctl: make sure -f ends when the container indicated by -M terminates |
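Review bot: the added RestrictRealtime= entry contains a typo, "takes aware ability" should read "takes away the ability", which would also match the wording of the RestrictNamespaces= item directly above it. The added "nspawn: make /proc/sys/net writable?" entry is phrased as an open question with no condition or rationale attached; a few words on what the decision depends on would make the TODO item actionable for whoever picks it up.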