Age | Commit message | Author |
2016-09-27 | test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount ... | Djalal Harouni |
2016-09-27 | test: add tests for simple ReadOnlyPaths= case | Djalal Harouni |
2016-09-25 | test: add CAP_MKNOD tests for PrivateDevices= | Djalal Harouni |
2016-09-25 | core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i... | Djalal Harouni |
2016-09-25 | core:namespace: simplify ProtectHome= implementation | Djalal Harouni |
2016-09-25 | core: simplify ProtectSystem= implementation | Djalal Harouni |
2016-09-25 | core:sandbox: add more /proc/* entries to ProtectKernelTunables= | Djalal Harouni |
2016-09-25 | doc: explicitly document that /dev/mem and /dev/port are blocked by PrivateDe... | Djalal Harouni |
2016-09-25 | doc: documentation fixes for ReadWritePaths= and ProtectKernelTunables= | Djalal Harouni |
2016-09-25 | core:namespace: simplify mount calculation | Djalal Harouni |
2016-09-25 | core:namespace: put paths protected by ProtectKernelTunables= in | Djalal Harouni |
2016-09-25 | core:namespace: minor improvements to append_mounts() | Djalal Harouni |
2016-09-25 | execute: move SMACK setup code into its own function | Lennart Poettering |
2016-09-25 | namespace: drop all mounts outside of the new root directory | Lennart Poettering |
2016-09-25 | main: minor simplification | Lennart Poettering |
2016-09-25 | Update TODO | Lennart Poettering |
2016-09-25 | execute: filter low-level I/O syscalls if PrivateDevices= is set | Lennart Poettering |
2016-09-25 | NEWS: update news about systemd-udevd.service | Lennart Poettering |
2016-09-25 | units: further lock down our long-running services | Lennart Poettering |
2016-09-25 | units: permit importd to mount stuff | Lennart Poettering |
2016-09-25 | man: shorten the exit status table a bit | Lennart Poettering |
2016-09-25 | man: the exit code/signal is stored in $EXIT_CODE, not $EXIT_STATUS | Lennart Poettering |
2016-09-25 | man: rework documentation for ReadOnlyPaths= and related settings | Lennart Poettering |
2016-09-25 | man: in user-facing documentation don't reference C function names | Lennart Poettering |
2016-09-25 | namespace: don't make the root directory of a namespace a mount if it already... | Lennart Poettering |
2016-09-25 | namespace: chase symlinks for mounts to set up in userspace | Lennart Poettering |
2016-09-25 | namespace: invoke unshare() only after checking all parameters | Lennart Poettering |
2016-09-25 | execute: drop group privileges only after setting up namespace | Lennart Poettering |
2016-09-25 | nspawn: let's mount /proc/sysrq-trigger read-only by default | Lennart Poettering |
2016-09-25 | core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1 | Lennart Poettering |
2016-09-25 | core: introduce ProtectSystem=strict | Lennart Poettering |
2016-09-25 | namespace: add some debug logging when enforcing InaccessiblePaths= | Lennart Poettering |
2016-09-25 | namespace: rework how ReadWritePaths= is applied | Lennart Poettering |
2016-09-25 | namespace: when enforcing fs namespace restrictions suppress redundant mounts | Lennart Poettering |
2016-09-25 | namespace: simplify mount_path_compare() a bit | Lennart Poettering |
2016-09-25 | execute: if RuntimeDirectory= is set, it should be writable | Lennart Poettering |
2016-09-25 | execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c | Lennart Poettering |
2016-09-25 | execute: split out creation of runtime dirs into its own functions | Lennart Poettering |
2016-09-25 | namespace: make sure InaccessibleDirectories= masks all mounts further down | Lennart Poettering |
2016-09-25 | core: add two new service settings ProtectKernelTunables= and ProtectControlG... | Lennart Poettering |
2016-09-25 | core: enforce seccomp for secondary archs too, for all rules | Lennart Poettering |
2016-09-24 | Merge pull request #4194 from bboozzoo/bboozzoo/nss-rootlib | Zbigniew Jędrzejewski-Szmek |
2016-09-24 | Merge pull request #4182 from jkoelker/routetable | Zbigniew Jędrzejewski-Szmek |
2016-09-24 | networkd: do not drop config for pending interfaces (#4187) | Martin Pitt |
2016-09-24 | build-sys: get rid of move-to-rootlibdir | Maciek Borzecki |
2016-09-24 | kernel-install: allow plugins to terminate the procedure (#4174) | Zbigniew Jędrzejewski-Szmek |
2016-09-24 | Merge pull request #4207 from fbuihuu/fix-journal-hmac-calculation | Zbigniew Jędrzejewski-Szmek |
2016-09-24 | sysctl: configure kernel parameters in the order they occur in each sysctl co... | HATAYAMA Daisuke |
2016-09-24 | nspawn: decouple --boot from CLONE_NEWIPC (#4180) | Luca Bruno |
2016-09-23 | journal: fix HMAC calculation when appending a data object | Franck Bui |