index
:
~lukeshu/systemd
elogind/master
eudev/master
notsystemd/master
notsystemd/postmove
notsystemd/premove
notsystemd/wip/cgroup2
notsystemd/wip/nspawn
notsystemd/wip/nspawn-parse
systemd/master
systemd/parabola
Unnamed repository; edit this file 'description' to name the repository.
git-mirror
summary
refs
log
tree
commit
diff
log msg
author
committer
range
Age
Commit message (
Expand
)
Author
2016-09-28
journal: add stdout_stream_scan() comment (#4102)
Vito Caputo
2016-09-28
Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1
Evgeny Vereshchagin
2016-09-27
Merge pull request #4220 from keszybz/show-and-formatting-fixes
Martin Pitt
2016-09-27
basic: fix for IPv6 status (#4224)
Susant Sahani
2016-09-27
test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount ...
Djalal Harouni
2016-09-27
test: add tests for simple ReadOnlyPaths= case
Djalal Harouni
2016-09-26
test-bus-creds: are more debugging info
Zbigniew Jędrzejewski-Szmek
2016-09-26
udev/path_id: introduce support for NVMe devices (#4169)
Keith Busch
2016-09-26
core: Fix USB functionfs activation and clarify its documentation (#4188)
Paweł Szewczyk
2016-09-26
machinectl: prefer user@ to --uid=user for shell (#4006)
Zbigniew Jędrzejewski-Szmek
2016-09-26
journald,ratelimit: fix wrong calculation of burst_modulate() (#4218)
HATAYAMA Daisuke
2016-09-26
coredump: initialize coredump_size in submit_coredump() (#4219)
Matej Habrnal
2016-09-26
treewide: fix typos (#4217)
Torstein Husebø
2016-09-25
test: add CAP_MKNOD tests for PrivateDevices=
Djalal Harouni
2016-09-25
core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i...
Djalal Harouni
2016-09-25
core:namespace: simplify ProtectHome= implementation
Djalal Harouni
2016-09-25
core: simplify ProtectSystem= implementation
Djalal Harouni
2016-09-25
core:sandbox: add more /proc/* entries to ProtectKernelTunables=
Djalal Harouni
2016-09-25
doc: explicitly document that /dev/mem and /dev/port are blocked by PrivateDe...
Djalal Harouni
2016-09-25
doc: documentation fixes for ReadWritePaths= and ProtectKernelTunables=
Djalal Harouni
2016-09-25
core:namespace: simplify mount calculation
Djalal Harouni
2016-09-25
core:namespace: put paths protected by ProtectKernelTunables= in
Djalal Harouni
2016-09-25
core:namespace: minor improvements to append_mounts()
Djalal Harouni
2016-09-25
execute: move SMACK setup code into its own function
Lennart Poettering
2016-09-25
namespace: drop all mounts outside of the new root directory
Lennart Poettering
2016-09-25
main: minor simplification
Lennart Poettering
2016-09-25
Update TODO
Lennart Poettering
2016-09-25
execute: filter low-level I/O syscalls if PrivateDevices= is set
Lennart Poettering
2016-09-25
NEWS: update news about systemd-udevd.service
Lennart Poettering
2016-09-25
units: further lock down our long-running services
Lennart Poettering
2016-09-25
units: permit importd to mount stuff
Lennart Poettering
2016-09-25
man: shorten the exit status table a bit
Lennart Poettering
2016-09-25
man: the exit code/signal is stored in $EXIT_CODE, not $EXIT_STATUS
Lennart Poettering
2016-09-25
man: rework documentation for ReadOnlyPaths= and related settings
Lennart Poettering
2016-09-25
man: in user-facing documentaiton don't reference C function names
Lennart Poettering
2016-09-25
namespace: don't make the root directory of a namespace a mount if it already...
Lennart Poettering
2016-09-25
namespace: chase symlinks for mounts to set up in userspace
Lennart Poettering
2016-09-25
namespace: invoke unshare() only after checking all parameters
Lennart Poettering
2016-09-25
execute: drop group priviliges only after setting up namespace
Lennart Poettering
2016-09-25
nspawn: let's mount /proc/sysrq-trigger read-only by default
Lennart Poettering
2016-09-25
core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1
Lennart Poettering
2016-09-25
core: introduce ProtectSystem=strict
Lennart Poettering
2016-09-25
namespace: add some debug logging when enforcing InaccessiblePaths=
Lennart Poettering
2016-09-25
namespace: rework how ReadWritePaths= is applied
Lennart Poettering
2016-09-25
namespace: when enforcing fs namespace restrictions suppress redundant mounts
Lennart Poettering
2016-09-25
namespace: simplify mount_path_compare() a bit
Lennart Poettering
2016-09-25
execute: if RuntimeDirectory= is set, it should be writable
Lennart Poettering
2016-09-25
execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c
Lennart Poettering
2016-09-25
execute: split out creation of runtime dirs into its own functions
Lennart Poettering
2016-09-25
namespace: make sure InaccessibleDirectories= masks all mounts further down
Lennart Poettering
[prev]
[next]