index
:
~lukeshu/systemd
elogind/master
eudev/master
notsystemd/master
notsystemd/postmove
notsystemd/premove
notsystemd/wip/cgroup2
notsystemd/wip/nspawn
notsystemd/wip/nspawn-parse
systemd/master
systemd/parabola
Unnamed repository; edit this file 'description' to name the repository.
git-mirror
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
src
/
core
/
execute.c
Age
Commit message (
Expand
)
Author
2016-10-12
core: make sure to dump ProtectKernelModules= value
Djalal Harouni
2016-10-12
core: check protect_kernel_modules and private_devices in order to setup NNP
Djalal Harouni
2016-10-12
core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules=
Djalal Harouni
2016-10-12
core:sandbox: Add ProtectKernelModules= option
Djalal Harouni
2016-10-11
core: chown() any TTY used for stdin, not just when StandardInput=tty is used...
Lennart Poettering
2016-10-07
core: add "invocation ID" concept to service manager
Lennart Poettering
2016-10-06
user-util: rework maybe_setgroups() a bit
Lennart Poettering
2016-10-06
core: leave PAM stub process around with GIDs updated
Lennart Poettering
2016-10-06
core: do not fail in a container if we can't use setgroups
Giuseppe Scrivano
2016-10-04
tree-wide: remove consecutive duplicate words in comments
Stefan Schweter
2016-09-25
core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i...
Djalal Harouni
2016-09-25
execute: move SMACK setup code into its own function
Lennart Poettering
2016-09-25
execute: filter low-level I/O syscalls if PrivateDevices= is set
Lennart Poettering
2016-09-25
execute: drop group priviliges only after setting up namespace
Lennart Poettering
2016-09-25
execute: if RuntimeDirectory= is set, it should be writable
Lennart Poettering
2016-09-25
execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c
Lennart Poettering
2016-09-25
execute: split out creation of runtime dirs into its own functions
Lennart Poettering
2016-09-25
core: add two new service settings ProtectKernelTunables= and ProtectControlG...
Lennart Poettering
2016-09-25
core: enforce seccomp for secondary archs too, for all rules
Lennart Poettering
2016-09-06
seccomp: also detect if seccomp filtering is enabled
Felipe Sateler
2016-08-22
core: do not fail at step SECCOMP if there is no kernel support (#4004)
Felipe Sateler
2016-08-19
core: bypass dynamic user lookups from dbus-daemon
Lennart Poettering
2016-08-19
core: add RemoveIPC= setting
Lennart Poettering
2016-08-18
core: make use of uid_is_valid() when checking for UID validity
Lennart Poettering
2016-08-06
Merge pull request #3884 from poettering/private-users
Zbigniew Jędrzejewski-Szmek
2016-08-04
core: only set the watchdog variables in ExecStart= lines
Lennart Poettering
2016-08-04
core: use the correct APIs to determine whether a dual timestamp is initialized
Lennart Poettering
2016-08-04
core: turn various execution flags into a proper flags parameter
Lennart Poettering
2016-08-03
core: add new PrivateUsers= option to service execution
Lennart Poettering
2016-08-03
execute: don't set $SHELL and $HOME for services, if they don't contain inter...
Lennart Poettering
2016-08-03
core: inherit TERM from PID 1 for all services started on /dev/console
Lennart Poettering
2016-07-22
nss: add new "nss-systemd" NSS module for mapping dynamic users
Lennart Poettering
2016-07-22
core: add a concept of "dynamic" user ids, that are allocated as long as a se...
Lennart Poettering
2016-07-20
execute: make sure JoinsNamespaceOf= doesn't leak ns fds to executed processes
Lennart Poettering
2016-07-20
execute: normalize connect_logger_as() parameters slightly
Lennart Poettering
2016-07-19
doc,core: Read{Write,Only}Paths= and InaccessiblePaths=
Alessandro Puccetti
2016-07-11
treewide: fix typos and remove accidental repetition of words
Torstein Husebø
2016-07-08
execute: Do not alter call-by-ref parameter on failure
Jouke Witteveen
2016-07-07
execute: Cleanup the environment early
Jouke Witteveen
2016-06-23
execute: add a new easy-to-use RestrictRealtime= option to units
Lennart Poettering
2016-06-23
execute: be a little less drastic when MemoryDenyWriteExecute= hits
Lennart Poettering
2016-06-23
execute: set PR_SET_NO_NEW_PRIVS also in case the exec memory protection is used
Lennart Poettering
2016-06-23
execute: use the return value of setrlimit_closest() properly
Lennart Poettering
2016-06-15
core: set $JOURNAL_STREAM to the dev_t/ino_t of the journal stream of execute...
Lennart Poettering
2016-06-15
execute: minor coding style improvements
Lennart Poettering
2016-06-13
core/execute: pass env vars to PAM session setup (#3503)
Jouke Witteveen
2016-06-10
core/execute: add the magic character '!' to allow privileged execution (#3493)
Alessandro Puccetti
2016-06-09
execute: check whether the specified fd is a tty before chowning/chmoding it...
Lennart Poettering
2016-06-03
core: Restrict mmap and mprotect with PAGE_WRITE|PAGE_EXEC (#3319) (#3379)
Topi Miettinen
2016-05-05
tree-wide: introduce new SOCKADDR_UN_LEN() macro, and use it everywhere
Lennart Poettering
[next]