| Age | Commit message (Expand) | Author |
|---|
| 2016-09-25 | core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i... | Djalal Harouni |
| 2016-09-25 | execute: move SMACK setup code into its own function | Lennart Poettering |
| 2016-09-25 | execute: filter low-level I/O syscalls if PrivateDevices= is set | Lennart Poettering |
| 2016-09-25 | execute: drop group priviliges only after setting up namespace | Lennart Poettering |
| 2016-09-25 | execute: if RuntimeDirectory= is set, it should be writable | Lennart Poettering |
| 2016-09-25 | execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c | Lennart Poettering |
| 2016-09-25 | execute: split out creation of runtime dirs into its own functions | Lennart Poettering |
| 2016-09-25 | core: add two new service settings ProtectKernelTunables= and ProtectControlG... | Lennart Poettering |
| 2016-09-25 | core: enforce seccomp for secondary archs too, for all rules | Lennart Poettering |
| 2016-09-06 | seccomp: also detect if seccomp filtering is enabled | Felipe Sateler |
| 2016-08-22 | core: do not fail at step SECCOMP if there is no kernel support (#4004) | Felipe Sateler |
| 2016-08-19 | core: bypass dynamic user lookups from dbus-daemon | Lennart Poettering |
| 2016-08-19 | core: add RemoveIPC= setting | Lennart Poettering |
| 2016-08-18 | core: make use of uid_is_valid() when checking for UID validity | Lennart Poettering |
| 2016-08-06 | Merge pull request #3884 from poettering/private-users | Zbigniew Jędrzejewski-Szmek |
| 2016-08-04 | core: only set the watchdog variables in ExecStart= lines | Lennart Poettering |
| 2016-08-04 | core: use the correct APIs to determine whether a dual timestamp is initialized | Lennart Poettering |
| 2016-08-04 | core: turn various execution flags into a proper flags parameter | Lennart Poettering |
| 2016-08-03 | core: add new PrivateUsers= option to service execution | Lennart Poettering |
| 2016-08-03 | execute: don't set $SHELL and $HOME for services, if they don't contain inter... | Lennart Poettering |
| 2016-08-03 | core: inherit TERM from PID 1 for all services started on /dev/console | Lennart Poettering |
| 2016-07-22 | nss: add new "nss-systemd" NSS module for mapping dynamic users | Lennart Poettering |
| 2016-07-22 | core: add a concept of "dynamic" user ids, that are allocated as long as a se... | Lennart Poettering |
| 2016-07-20 | execute: make sure JoinsNamespaceOf= doesn't leak ns fds to executed processes | Lennart Poettering |
| 2016-07-20 | execute: normalize connect_logger_as() parameters slightly | Lennart Poettering |
| 2016-07-19 | doc,core: Read{Write,Only}Paths= and InaccessiblePaths= | Alessandro Puccetti |
| 2016-07-11 | treewide: fix typos and remove accidental repetition of words | Torstein Husebø |
| 2016-07-08 | execute: Do not alter call-by-ref parameter on failure | Jouke Witteveen |
| 2016-07-07 | execute: Cleanup the environment early | Jouke Witteveen |
| 2016-06-23 | execute: add a new easy-to-use RestrictRealtime= option to units | Lennart Poettering |
| 2016-06-23 | execute: be a little less drastic when MemoryDenyWriteExecute= hits | Lennart Poettering |
| 2016-06-23 | execute: set PR_SET_NO_NEW_PRIVS also in case the exec memory protection is used | Lennart Poettering |
| 2016-06-23 | execute: use the return value of setrlimit_closest() properly | Lennart Poettering |
| 2016-06-15 | core: set $JOURNAL_STREAM to the dev_t/ino_t of the journal stream of execute... | Lennart Poettering |
| 2016-06-15 | execute: minor coding style improvements | Lennart Poettering |
| 2016-06-13 | core/execute: pass env vars to PAM session setup (#3503) | Jouke Witteveen |
| 2016-06-10 | core/execute: add the magic character '!' to allow privileged execution (#3493) | Alessandro Puccetti |
| 2016-06-09 | execute: check whether the specified fd is a tty before chowning/chmoding it... | Lennart Poettering |
| 2016-06-03 | core: Restrict mmap and mprotect with PAGE_WRITE|PAGE_EXEC (#3319) (#3379) | Topi Miettinen |
| 2016-05-05 | tree-wide: introduce new SOCKADDR_UN_LEN() macro, and use it everywhere | Lennart Poettering |
| 2016-03-21 | Merge pull request #2760 from ronnychevalier/rc/core_no_new_privileges_seccompv3 | Daniel Mack |
| 2016-02-28 | core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN | Ronny Chevalier |
| 2016-02-26 | tree-wide: indentation fixes | Thomas Hindoe Paaboel Andersen |
| 2016-02-22 | tree-wide: make ++/-- usage consistent WRT spacing | Vito Caputo |
| 2016-02-13 | core: drop Capabilities= setting | Lennart Poettering |
| 2016-02-11 | Remove kdbus custom endpoint support | Daniel Mack |
| 2016-02-10 | tree-wide: remove Emacs lines from all files | Daniel Mack |
| 2016-01-28 | core: don't reset /dev/console if stdin/stdout/stderr as passed as fd in a tr... | Lennart Poettering |
| 2016-01-25 | core: normalize error handling a bit, in setup_pam() | Lennart Poettering |
| 2016-01-20 | systemd: remove dead code | Zbigniew Jędrzejewski-Szmek |
