| Age | Commit message (Expand) | Author |
|---|
| 2016-11-08 | core: on DynamicUser= make sure that protecting sensitive paths is enforced (... | Djalal Harouni |
| 2016-11-08 | Merge pull request #4536 from poettering/seccomp-namespaces | Zbigniew Jędrzejewski-Szmek |
| 2016-11-07 | Rename formats-util.h to format-util.h | Zbigniew Jędrzejewski-Szmek |
| 2016-11-04 | core: add new RestrictNamespaces= unit file setting | Lennart Poettering |
| 2016-11-03 | Merge pull request #4510 from keszybz/tree-wide-cleanups | Lennart Poettering |
| 2016-11-03 | core: intialize user aux groups and SupplementaryGroups= when DynamicUser= is... | Djalal Harouni |
| 2016-11-02 | Merge pull request #4483 from poettering/exec-order | Lennart Poettering |
| 2016-11-02 | core: initialize groups list before checking SupplementaryGroups= of a unit (... | Djalal Harouni |
| 2016-11-02 | execute: apply seccomp filters after changing selinux/aa/smack contexts | Lennart Poettering |
| 2016-10-28 | Merge pull request #4495 from topimiettinen/block-shmat-exec | Djalal Harouni |
| 2016-10-27 | core: make unit argument const for apply seccomp functions | Djalal Harouni |
| 2016-10-27 | core: lets apply working directory just after mount namespaces | Djalal Harouni |
| 2016-10-27 | core: get the working directory value inside apply_working_directory() | Djalal Harouni |
| 2016-10-27 | core: move apply working directory code into its own apply_working_directory() | Djalal Harouni |
| 2016-10-27 | core: move the code that setups namespaces on its own function | Djalal Harouni |
| 2016-10-26 | seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute | Topi Miettinen |
| 2016-10-24 | seccomp: add new helper call seccomp_load_filter_set() | Lennart Poettering |
| 2016-10-24 | seccomp: add new seccomp_init_conservative() helper | Lennart Poettering |
| 2016-10-24 | core: rework apply_protect_kernel_modules() to use seccomp_add_syscall_filter... | Lennart Poettering |
| 2016-10-24 | core: rework syscall filter set handling | Lennart Poettering |
| 2016-10-24 | core: move misplaced comment to the right place | Lennart Poettering |
| 2016-10-24 | core: simplify skip_seccomp_unavailable() a bit | Lennart Poettering |
| 2016-10-24 | core: do not assert when sysconf(_SC_NGROUPS_MAX) fails (#4466) | Djalal Harouni |
| 2016-10-23 | core: lets move the setup of working directory before group enforce | Djalal Harouni |
| 2016-10-23 | core: first lookup and cache creds then apply them after namespace setup | Djalal Harouni |
| 2016-10-23 | tree-wide: drop NULL sentinel from strjoin | Zbigniew Jędrzejewski-Szmek |
| 2016-10-17 | core/exec: add a named-descriptor option ("fd") for streams (#4179) | Luca Bruno |
| 2016-10-16 | tree-wide: use mfree more | Zbigniew Jędrzejewski-Szmek |
| 2016-10-12 | core: make sure to dump ProtectKernelModules= value | Djalal Harouni |
| 2016-10-12 | core: check protect_kernel_modules and private_devices in order to setup NNP | Djalal Harouni |
| 2016-10-12 | core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules= | Djalal Harouni |
| 2016-10-12 | core:sandbox: Add ProtectKernelModules= option | Djalal Harouni |
| 2016-10-11 | core: chown() any TTY used for stdin, not just when StandardInput=tty is used... | Lennart Poettering |
| 2016-10-07 | core: add "invocation ID" concept to service manager | Lennart Poettering |
| 2016-10-06 | user-util: rework maybe_setgroups() a bit | Lennart Poettering |
| 2016-10-06 | core: leave PAM stub process around with GIDs updated | Lennart Poettering |
| 2016-10-06 | core: do not fail in a container if we can't use setgroups | Giuseppe Scrivano |
| 2016-10-04 | tree-wide: remove consecutive duplicate words in comments | Stefan Schweter |
| 2016-09-25 | core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i... | Djalal Harouni |
| 2016-09-25 | execute: move SMACK setup code into its own function | Lennart Poettering |
| 2016-09-25 | execute: filter low-level I/O syscalls if PrivateDevices= is set | Lennart Poettering |
| 2016-09-25 | execute: drop group priviliges only after setting up namespace | Lennart Poettering |
| 2016-09-25 | execute: if RuntimeDirectory= is set, it should be writable | Lennart Poettering |
| 2016-09-25 | execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c | Lennart Poettering |
| 2016-09-25 | execute: split out creation of runtime dirs into its own functions | Lennart Poettering |
| 2016-09-25 | core: add two new service settings ProtectKernelTunables= and ProtectControlG... | Lennart Poettering |
| 2016-09-25 | core: enforce seccomp for secondary archs too, for all rules | Lennart Poettering |
| 2016-09-06 | seccomp: also detect if seccomp filtering is enabled | Felipe Sateler |
| 2016-08-22 | core: do not fail at step SECCOMP if there is no kernel support (#4004) | Felipe Sateler |
| 2016-08-19 | core: bypass dynamic user lookups from dbus-daemon | Lennart Poettering |
