index
:
~lukeshu/systemd
elogind/master
eudev/master
notsystemd/master
notsystemd/postmove
notsystemd/premove
notsystemd/wip/cgroup2
notsystemd/wip/nspawn
notsystemd/wip/nspawn-parse
systemd/master
systemd/parabola
Unnamed repository; edit this file 'description' to name the repository.
git-mirror
summary
refs
log
tree
commit
diff
log msg
author
committer
range
Age
Commit message (
Expand
)
Author
2016-09-27
test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount ...
Djalal Harouni
2016-09-27
test: add tests for simple ReadOnlyPaths= case
Djalal Harouni
2016-09-25
test: add CAP_MKNOD tests for PrivateDevices=
Djalal Harouni
2016-09-25
core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i...
Djalal Harouni
2016-09-25
core:namespace: simplify ProtectHome= implementation
Djalal Harouni
2016-09-25
core: simplify ProtectSystem= implementation
Djalal Harouni
2016-09-25
core:sandbox: add more /proc/* entries to ProtectKernelTunables=
Djalal Harouni
2016-09-25
doc: explicitly document that /dev/mem and /dev/port are blocked by PrivateDe...
Djalal Harouni
2016-09-25
doc: documentation fixes for ReadWritePaths= and ProtectKernelTunables=
Djalal Harouni
2016-09-25
core:namespace: simplify mount calculation
Djalal Harouni
2016-09-25
core:namespace: put paths protected by ProtectKernelTunables= in
Djalal Harouni
2016-09-25
core:namespace: minor improvements to append_mounts()
Djalal Harouni
2016-09-25
execute: move SMACK setup code into its own function
Lennart Poettering
2016-09-25
namespace: drop all mounts outside of the new root directory
Lennart Poettering
2016-09-25
main: minor simplification
Lennart Poettering
2016-09-25
Update TODO
Lennart Poettering
2016-09-25
execute: filter low-level I/O syscalls if PrivateDevices= is set
Lennart Poettering
2016-09-25
NEWS: update news about systemd-udevd.service
Lennart Poettering
2016-09-25
units: further lock down our long-running services
Lennart Poettering
2016-09-25
units: permit importd to mount stuff
Lennart Poettering
2016-09-25
man: shorten the exit status table a bit
Lennart Poettering
2016-09-25
man: the exit code/signal is stored in $EXIT_CODE, not $EXIT_STATUS
Lennart Poettering
2016-09-25
man: rework documentation for ReadOnlyPaths= and related settings
Lennart Poettering
2016-09-25
man: in user-facing documentaiton don't reference C function names
Lennart Poettering
2016-09-25
namespace: don't make the root directory of a namespace a mount if it already...
Lennart Poettering
2016-09-25
namespace: chase symlinks for mounts to set up in userspace
Lennart Poettering
2016-09-25
namespace: invoke unshare() only after checking all parameters
Lennart Poettering
2016-09-25
execute: drop group priviliges only after setting up namespace
Lennart Poettering
2016-09-25
nspawn: let's mount /proc/sysrq-trigger read-only by default
Lennart Poettering
2016-09-25
core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1
Lennart Poettering
2016-09-25
core: introduce ProtectSystem=strict
Lennart Poettering
2016-09-25
namespace: add some debug logging when enforcing InaccessiblePaths=
Lennart Poettering
2016-09-25
namespace: rework how ReadWritePaths= is applied
Lennart Poettering
2016-09-25
namespace: when enforcing fs namespace restrictions suppress redundant mounts
Lennart Poettering
2016-09-25
namespace: simplify mount_path_compare() a bit
Lennart Poettering
2016-09-25
execute: if RuntimeDirectory= is set, it should be writable
Lennart Poettering
2016-09-25
execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c
Lennart Poettering
2016-09-25
execute: split out creation of runtime dirs into its own functions
Lennart Poettering
2016-09-25
namespace: make sure InaccessibleDirectories= masks all mounts further down
Lennart Poettering
2016-09-25
core: add two new service settings ProtectKernelTunables= and ProtectControlG...
Lennart Poettering
2016-09-25
core: enforce seccomp for secondary archs too, for all rules
Lennart Poettering
2016-09-24
Merge pull request #4194 from bboozzoo/bboozzoo/nss-rootlib
Zbigniew Jędrzejewski-Szmek
2016-09-24
Merge pull request #4182 from jkoelker/routetable
Zbigniew Jędrzejewski-Szmek
2016-09-24
networkd: do not drop config for pending interfaces (#4187)
Martin Pitt
2016-09-24
build-sys: get rid of move-to-rootlibdir
Maciek Borzecki
2016-09-24
kernel-install: allow plugins to terminate the procedure (#4174)
Zbigniew Jędrzejewski-Szmek
2016-09-24
Merge pull request #4207 from fbuihuu/fix-journal-hmac-calculation
Zbigniew Jędrzejewski-Szmek
2016-09-24
sysctl: configure kernel parameters in the order they occur in each sysctl co...
HATAYAMA Daisuke
2016-09-24
nspawn: decouple --boot from CLONE_NEWIPC (#4180)
Luca Bruno
2016-09-23
journal: fix HMAC calculation when appending a data object
Franck Bui
[next]