summaryrefslogtreecommitdiff
path: root/man/systemd.exec.xml
AgeCommit message (Expand)Author
2016-11-02seccomp: include pipes and memfd in @ipcLennart Poettering
2016-11-02seccomp: drop execve() from @process listLennart Poettering
2016-11-02seccomp: add clock query and sleeping syscalls to "@default" groupLennart Poettering
2016-11-01seccomp: allow specifying arm64, mips, ppc (#4491)Zbigniew Jędrzejewski-Szmek
2016-10-31man: fix typos (#4527)Jakub Wilk
2016-10-28Merge pull request #4495 from topimiettinen/block-shmat-execDjalal Harouni
2016-10-26seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecuteTopi Miettinen
2016-10-24man: document the default value of NoNewPrivileges=Zbigniew Jędrzejewski-Szmek
2016-10-20man: document default for User=Lennart Poettering
2016-10-17core/exec: add a named-descriptor option ("fd") for streams (#4179)Luca Bruno
2016-10-17man: avoid abbreviated "cgroups" terminology (#4396)Lennart Poettering
2016-10-15man: add crosslink between systemd.resource-control(5) and systemd.exec(5)Zbigniew Jędrzejewski-Szmek
2016-10-13Merge pull request #4243 from endocode/djalal/sandbox-first-protection-kernel...Lennart Poettering
2016-10-12man: typo fixesThomas Hindoe Paaboel Andersen
2016-10-12core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules=Djalal Harouni
2016-10-12doc: minor hint about InaccessiblePaths= in regard of ProtectKernelTunables=Djalal Harouni
2016-10-12core:sandbox: remove CAP_SYS_RAWIO on PrivateDevices=yesDjalal Harouni
2016-10-12core:sandbox: Add ProtectKernelModules= optionDjalal Harouni
2016-10-11Merge pull request #4348 from poettering/docfixesZbigniew Jędrzejewski-Szmek
2016-10-11man: beef up documentation on per-unit resource limits a bitLennart Poettering
2016-10-07core: add "invocation ID" concept to service managerLennart Poettering
2016-10-05seccomp: add support for the s390 architecture (#4287)hbrueckner
2016-10-03man: remove consecutive duplicate words (#4268)Stefan Schweter
2016-09-25core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i...Djalal Harouni
2016-09-25core:sandbox: add more /proc/* entries to ProtectKernelTunables=Djalal Harouni
2016-09-25doc: explicitly document that /dev/mem and /dev/port are blocked by PrivateDe...Djalal Harouni
2016-09-25doc: documentation fixes for ReadWritePaths= and ProtectKernelTunables=Djalal Harouni
2016-09-25man: shorten the exit status table a bitLennart Poettering
2016-09-25man: the exit code/signal is stored in $EXIT_CODE, not $EXIT_STATUSLennart Poettering
2016-09-25man: rework documentation for ReadOnlyPaths= and related settingsLennart Poettering
2016-09-25man: in user-facing documentaiton don't reference C function namesLennart Poettering
2016-09-25core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1Lennart Poettering
2016-09-25core: introduce ProtectSystem=strictLennart Poettering
2016-09-25core: add two new service settings ProtectKernelTunables= and ProtectControlG...Lennart Poettering
2016-08-19core: add RemoveIPC= settingLennart Poettering
2016-08-11man: add "timeout" to status table (#3919)Zbigniew Jędrzejewski-Szmek
2016-08-07Merge pull request #3914 from keszybz/fix-man-linksLennart Poettering
2016-08-07man: add a table of possible exit statuses (#3910)Zbigniew Jędrzejewski-Szmek
2016-08-06Merge pull request #3884 from poettering/private-usersZbigniew Jędrzejewski-Szmek
2016-08-06man: provide html links to a bunch of external man pagesZbigniew Jędrzejewski-Szmek
2016-08-04core: set $SERVICE_RESULT, $EXIT_CODE and $EXIT_STATUS in ExecStop=/ExecStopP...Lennart Poettering
2016-08-03core: add new PrivateUsers= option to service executionLennart Poettering
2016-07-25Merge pull request #3728 from poettering/dynamic-usersZbigniew Jędrzejewski-Szmek
2016-07-25core: change ExecStart=! syntax to ExecStart=+ (#3797)Lennart Poettering
2016-07-22core: add a concept of "dynamic" user ids, that are allocated as long as a se...Lennart Poettering
2016-07-19doc,core: Read{Write,Only}Paths= and InaccessiblePaths=Alessandro Puccetti
2016-07-19namespace: unify limit behavior on non-directory pathsAlessandro Puccetti
2016-06-23execute: add a new easy-to-use RestrictRealtime= option to unitsLennart Poettering
2016-06-15core: set $JOURNAL_STREAM to the dev_t/ino_t of the journal stream of execute...Lennart Poettering
2016-06-13core: improve seccomp syscall grouping a bitLennart Poettering