summaryrefslogtreecommitdiff
path: root/src/core/execute.c
AgeCommit message (Expand)Author
2016-12-13Merge pull request #4806 from poettering/keyring-initZbigniew Jędrzejewski-Szmek
2016-12-14core: add ability to define arbitrary bind mounts for servicesLennart Poettering
2016-12-13core: store the invocation ID in the per-service keyringLennart Poettering
2016-12-13core: run each system service with a fresh session keyringLennart Poettering
2016-11-18Merge pull request #4538 from fbuihuu/confirm-spawn-fixesLennart Poettering
2016-11-17core: in confirm spawn, suggest 'f' when user selects 'n' choiceFranck Bui
2016-11-17core: confirm_spawn: always accept units with same_pgrp set for nowFranck Bui
2016-11-17core: include the unit name when notifying that a confirmation question timed...Franck Bui
2016-11-17core: add 'c' in confirmation_spawn to resume the boot processFranck Bui
2016-11-17core: add 'j' in confirmation_spawn to list the jobs that are in progressFranck Bui
2016-11-17core: add 'D' in confirmat spawn to show a full dump of the unit to spawnFranck Bui
2016-11-17core: add 'i' in confirm spawn to give a short summary of the unit to spawnFranck Bui
2016-11-17core: rework the confirmation spawn promptFranck Bui
2016-11-17core: limit the length of the confirmation questionFranck Bui
2016-11-17core: in confirm_spawn, the meaning of 'n' and 's' choices are confusingFranck Bui
2016-11-17core: rework ask_for_confirmation()Franck Bui
2016-11-17core: allow to redirect confirmation messages to a different consoleFranck Bui
2016-11-15core: improve the logic that implies no new privilegesDjalal Harouni
2016-11-08core: on DynamicUser= make sure that protecting sensitive paths is enforced (...Djalal Harouni
2016-11-08Merge pull request #4536 from poettering/seccomp-namespacesZbigniew Jędrzejewski-Szmek
2016-11-07Rename formats-util.h to format-util.hZbigniew Jędrzejewski-Szmek
2016-11-04core: add new RestrictNamespaces= unit file settingLennart Poettering
2016-11-03Merge pull request #4510 from keszybz/tree-wide-cleanupsLennart Poettering
2016-11-03core: intialize user aux groups and SupplementaryGroups= when DynamicUser= is...Djalal Harouni
2016-11-02Merge pull request #4483 from poettering/exec-orderLennart Poettering
2016-11-02core: initialize groups list before checking SupplementaryGroups= of a unit (...Djalal Harouni
2016-11-02execute: apply seccomp filters after changing selinux/aa/smack contextsLennart Poettering
2016-10-28Merge pull request #4495 from topimiettinen/block-shmat-execDjalal Harouni
2016-10-27core: make unit argument const for apply seccomp functionsDjalal Harouni
2016-10-27core: lets apply working directory just after mount namespacesDjalal Harouni
2016-10-27core: get the working directory value inside apply_working_directory()Djalal Harouni
2016-10-27core: move apply working directory code into its own apply_working_directory()Djalal Harouni
2016-10-27core: move the code that setups namespaces on its own functionDjalal Harouni
2016-10-26seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecuteTopi Miettinen
2016-10-24seccomp: add new helper call seccomp_load_filter_set()Lennart Poettering
2016-10-24seccomp: add new seccomp_init_conservative() helperLennart Poettering
2016-10-24core: rework apply_protect_kernel_modules() to use seccomp_add_syscall_filter...Lennart Poettering
2016-10-24core: rework syscall filter set handlingLennart Poettering
2016-10-24core: move misplaced comment to the right placeLennart Poettering
2016-10-24core: simplify skip_seccomp_unavailable() a bitLennart Poettering
2016-10-24core: do not assert when sysconf(_SC_NGROUPS_MAX) fails (#4466)Djalal Harouni
2016-10-23core: lets move the setup of working directory before group enforceDjalal Harouni
2016-10-23core: first lookup and cache creds then apply them after namespace setupDjalal Harouni
2016-10-23tree-wide: drop NULL sentinel from strjoinZbigniew Jędrzejewski-Szmek
2016-10-17core/exec: add a named-descriptor option ("fd") for streams (#4179)Luca Bruno
2016-10-16tree-wide: use mfree moreZbigniew Jędrzejewski-Szmek
2016-10-12core: make sure to dump ProtectKernelModules= valueDjalal Harouni
2016-10-12core: check protect_kernel_modules and private_devices in order to setup NNPDjalal Harouni
2016-10-12core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules=Djalal Harouni
2016-10-12core:sandbox: Add ProtectKernelModules= optionDjalal Harouni