summaryrefslogtreecommitdiff
path: root/src/core/execute.c
AgeCommit message (Expand)Author
2016-10-23core: lets move the setup of working directory before group enforceDjalal Harouni
2016-10-23core: first lookup and cache creds then apply them after namespace setupDjalal Harouni
2016-10-17core/exec: add a named-descriptor option ("fd") for streams (#4179)Luca Bruno
2016-10-16tree-wide: use mfree moreZbigniew Jędrzejewski-Szmek
2016-10-12core: make sure to dump ProtectKernelModules= valueDjalal Harouni
2016-10-12core: check protect_kernel_modules and private_devices in order to setup NNPDjalal Harouni
2016-10-12core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules=Djalal Harouni
2016-10-12core:sandbox: Add ProtectKernelModules= optionDjalal Harouni
2016-10-11core: chown() any TTY used for stdin, not just when StandardInput=tty is used...Lennart Poettering
2016-10-07core: add "invocation ID" concept to service managerLennart Poettering
2016-10-06user-util: rework maybe_setgroups() a bitLennart Poettering
2016-10-06core: leave PAM stub process around with GIDs updatedLennart Poettering
2016-10-06core: do not fail in a container if we can't use setgroupsGiuseppe Scrivano
2016-10-04tree-wide: remove consecutive duplicate words in commentsStefan Schweter
2016-09-25core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i...Djalal Harouni
2016-09-25execute: move SMACK setup code into its own functionLennart Poettering
2016-09-25execute: filter low-level I/O syscalls if PrivateDevices= is setLennart Poettering
2016-09-25execute: drop group priviliges only after setting up namespaceLennart Poettering
2016-09-25execute: if RuntimeDirectory= is set, it should be writableLennart Poettering
2016-09-25execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.cLennart Poettering
2016-09-25execute: split out creation of runtime dirs into its own functionsLennart Poettering
2016-09-25core: add two new service settings ProtectKernelTunables= and ProtectControlG...Lennart Poettering
2016-09-25core: enforce seccomp for secondary archs too, for all rulesLennart Poettering
2016-09-06seccomp: also detect if seccomp filtering is enabledFelipe Sateler
2016-08-22core: do not fail at step SECCOMP if there is no kernel support (#4004)Felipe Sateler
2016-08-19core: bypass dynamic user lookups from dbus-daemonLennart Poettering
2016-08-19core: add RemoveIPC= settingLennart Poettering
2016-08-18core: make use of uid_is_valid() when checking for UID validityLennart Poettering
2016-08-06Merge pull request #3884 from poettering/private-usersZbigniew Jędrzejewski-Szmek
2016-08-04core: only set the watchdog variables in ExecStart= linesLennart Poettering
2016-08-04core: use the correct APIs to determine whether a dual timestamp is initializedLennart Poettering
2016-08-04core: turn various execution flags into a proper flags parameterLennart Poettering
2016-08-03core: add new PrivateUsers= option to service executionLennart Poettering
2016-08-03execute: don't set $SHELL and $HOME for services, if they don't contain inter...Lennart Poettering
2016-08-03core: inherit TERM from PID 1 for all services started on /dev/consoleLennart Poettering
2016-07-22nss: add new "nss-systemd" NSS module for mapping dynamic usersLennart Poettering
2016-07-22core: add a concept of "dynamic" user ids, that are allocated as long as a se...Lennart Poettering
2016-07-20execute: make sure JoinsNamespaceOf= doesn't leak ns fds to executed processesLennart Poettering
2016-07-20execute: normalize connect_logger_as() parameters slightlyLennart Poettering
2016-07-19doc,core: Read{Write,Only}Paths= and InaccessiblePaths=Alessandro Puccetti
2016-07-11treewide: fix typos and remove accidental repetition of wordsTorstein Husebø
2016-07-08execute: Do not alter call-by-ref parameter on failureJouke Witteveen
2016-07-07execute: Cleanup the environment earlyJouke Witteveen
2016-06-23execute: add a new easy-to-use RestrictRealtime= option to unitsLennart Poettering
2016-06-23execute: be a little less drastic when MemoryDenyWriteExecute= hitsLennart Poettering
2016-06-23execute: set PR_SET_NO_NEW_PRIVS also in case the exec memory protection is usedLennart Poettering
2016-06-23execute: use the return value of setrlimit_closest() properlyLennart Poettering
2016-06-15core: set $JOURNAL_STREAM to the dev_t/ino_t of the journal stream of execute...Lennart Poettering
2016-06-15execute: minor coding style improvementsLennart Poettering
2016-06-13core/execute: pass env vars to PAM session setup (#3503)Jouke Witteveen