Age  Commit message  Author
2016-09-28  Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1  Evgeny Vereshchagin
2016-09-27  Merge pull request #4220 from keszybz/show-and-formatting-fixes  Martin Pitt
2016-09-27  basic: fix for IPv6 status (#4224)  Susant Sahani
2016-09-27  test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount ...  Djalal Harouni
2016-09-27  test: add tests for simple ReadOnlyPaths= case  Djalal Harouni
2016-09-26  test-bus-creds: are more debugging info  Zbigniew Jędrzejewski-Szmek
2016-09-26  udev/path_id: introduce support for NVMe devices (#4169)  Keith Busch
2016-09-26  core: Fix USB functionfs activation and clarify its documentation (#4188)  Paweł Szewczyk
2016-09-26  machinectl: prefer user@ to --uid=user for shell (#4006)  Zbigniew Jędrzejewski-Szmek
2016-09-26  journald,ratelimit: fix wrong calculation of burst_modulate() (#4218)  HATAYAMA Daisuke
2016-09-26  coredump: initialize coredump_size in submit_coredump() (#4219)  Matej Habrnal
2016-09-26  treewide: fix typos (#4217)  Torstein Husebø
2016-09-25  test: add CAP_MKNOD tests for PrivateDevices=  Djalal Harouni
2016-09-25  core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i...  Djalal Harouni
2016-09-25  core:namespace: simplify ProtectHome= implementation  Djalal Harouni
2016-09-25  core: simplify ProtectSystem= implementation  Djalal Harouni
2016-09-25  core:sandbox: add more /proc/* entries to ProtectKernelTunables=  Djalal Harouni
2016-09-25  doc: explicitly document that /dev/mem and /dev/port are blocked by PrivateDe...  Djalal Harouni
2016-09-25  doc: documentation fixes for ReadWritePaths= and ProtectKernelTunables=  Djalal Harouni
2016-09-25  core:namespace: simplify mount calculation  Djalal Harouni
2016-09-25  core:namespace: put paths protected by ProtectKernelTunables= in  Djalal Harouni
2016-09-25  core:namespace: minor improvements to append_mounts()  Djalal Harouni
2016-09-25  execute: move SMACK setup code into its own function  Lennart Poettering
2016-09-25  namespace: drop all mounts outside of the new root directory  Lennart Poettering
2016-09-25  main: minor simplification  Lennart Poettering
2016-09-25  Update TODO  Lennart Poettering
2016-09-25  execute: filter low-level I/O syscalls if PrivateDevices= is set  Lennart Poettering
2016-09-25  NEWS: update news about systemd-udevd.service  Lennart Poettering
2016-09-25  units: further lock down our long-running services  Lennart Poettering
2016-09-25  units: permit importd to mount stuff  Lennart Poettering
2016-09-25  man: shorten the exit status table a bit  Lennart Poettering
2016-09-25  man: the exit code/signal is stored in $EXIT_CODE, not $EXIT_STATUS  Lennart Poettering
2016-09-25  man: rework documentation for ReadOnlyPaths= and related settings  Lennart Poettering
2016-09-25  man: in user-facing documentaiton don't reference C function names  Lennart Poettering
2016-09-25  namespace: don't make the root directory of a namespace a mount if it already...  Lennart Poettering
2016-09-25  namespace: chase symlinks for mounts to set up in userspace  Lennart Poettering
2016-09-25  namespace: invoke unshare() only after checking all parameters  Lennart Poettering
2016-09-25  execute: drop group priviliges only after setting up namespace  Lennart Poettering
2016-09-25  nspawn: let's mount /proc/sysrq-trigger read-only by default  Lennart Poettering
2016-09-25  core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1  Lennart Poettering
2016-09-25  core: introduce ProtectSystem=strict  Lennart Poettering
2016-09-25  namespace: add some debug logging when enforcing InaccessiblePaths=  Lennart Poettering
2016-09-25  namespace: rework how ReadWritePaths= is applied  Lennart Poettering
2016-09-25  namespace: when enforcing fs namespace restrictions suppress redundant mounts  Lennart Poettering
2016-09-25  namespace: simplify mount_path_compare() a bit  Lennart Poettering
2016-09-25  execute: if RuntimeDirectory= is set, it should be writable  Lennart Poettering
2016-09-25  execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c  Lennart Poettering
2016-09-25  execute: split out creation of runtime dirs into its own functions  Lennart Poettering
2016-09-25  namespace: make sure InaccessibleDirectories= masks all mounts further down  Lennart Poettering
2016-09-25  core: add two new service settings ProtectKernelTunables= and ProtectControlG...  Lennart Poettering