summaryrefslogtreecommitdiff
path: root/src/core/namespace.c
AgeCommit message (Expand)Author
2016-09-25core:namespace: simplify ProtectHome= implementationDjalal Harouni
2016-09-25core: simplify ProtectSystem= implementationDjalal Harouni
2016-09-25core:sandbox: add more /proc/* entries to ProtectKernelTunables=Djalal Harouni
2016-09-25core:namespace: simplify mount calculationDjalal Harouni
2016-09-25core:namespace: put paths protected by ProtectKernelTunables= inDjalal Harouni
2016-09-25core:namespace: minor improvements to append_mounts()Djalal Harouni
2016-09-25namespace: drop all mounts outside of the new root directoryLennart Poettering
2016-09-25namespace: don't make the root directory of a namespace a mount if it already...Lennart Poettering
2016-09-25namespace: chase symlinks for mounts to set up in userspaceLennart Poettering
2016-09-25namespace: invoke unshare() only after checking all parametersLennart Poettering
2016-09-25core: introduce ProtectSystem=strictLennart Poettering
2016-09-25namespace: add some debug logging when enforcing InaccessiblePaths=Lennart Poettering
2016-09-25namespace: rework how ReadWritePaths= is appliedLennart Poettering
2016-09-25namespace: when enforcing fs namespace restrictions suppress redundant mountsLennart Poettering
2016-09-25namespace: simplify mount_path_compare() a bitLennart Poettering
2016-09-25namespace: make sure InaccessibleDirectories= masks all mounts further downLennart Poettering
2016-09-25core: add two new service settings ProtectKernelTunables= and ProtectControlG...Lennart Poettering
2016-07-22Merge pull request #3764 from poettering/assorted-stuff-2Martin Pitt
2016-07-20namespace: fix wrong return value from mount(2) (#3758)Topi Miettinen
2016-07-20namespace: add a (void) castLennart Poettering
2016-07-20namespace: minor improvementsLennart Poettering
2016-07-19doc,core: Read{Write,Only}Paths= and InaccessiblePaths=Alessandro Puccetti
2016-07-19namespace: unify limit behavior on non-directory pathsAlessandro Puccetti
2016-05-15namespace: Make private /dev noexec and readonly (#3263)topimiettinen
2016-05-14namespace: unmount old /dev under our new private /dev (#3254)topimiettinen
2016-02-11Remove kdbus custom endpoint supportDaniel Mack
2016-02-10tree-wide: remove Emacs lines from all filesDaniel Mack
2015-10-27util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering
2015-10-27user-util: move UID/GID related macros from macro.h to user-util.hLennart Poettering
2015-10-27util-lib: split out umask-related code to umask-util.hLennart Poettering
2015-10-27util-lib: move string table stuff into its own string-table.[ch]Lennart Poettering
2015-10-27util-lib: move mount related utility calls to mount-util.[ch]Lennart Poettering
2015-10-26socket-util: move remaining socket-related calls from util.[ch] to socket-uti...Lennart Poettering
2015-10-25util-lib: split out fd-related operations into fd-util.[ch]Lennart Poettering
2015-10-24util-lib: split our string related calls from util.[ch] into its own file str...Lennart Poettering
2015-09-29tree-wide: port more code to use send_one_fd() and receive_one_fd()Lennart Poettering
2015-09-09tree-wide: update empty-if coccinelle script to cover empty-while and moreLennart Poettering
2015-09-09tree-wide: make use of log_error_errno() return value in more casesLennart Poettering
2015-09-09tree-wide: make use of log_error_errno() return valueLennart Poettering
2015-06-10util: introduce CMSG_FOREACH() macro and make use of it everywhereLennart Poettering
2015-05-31core/namespace: Protect /usr instead of /home with ProtectSystem=yesJason Pleau
2015-05-21nspawn: finish user namespace supportLennart Poettering
2015-05-20core,nspawn: unify code that moves the root dirLennart Poettering
2015-05-18core: Private*/Protect* options with RootDirectoryAlban Crequy
2015-05-13nspawn: rework custom mount point order, and add support for overlayfsLennart Poettering
2015-03-31nspawn: change filesystem type from "bind" to NULL in mount() syscallsIago López Galeiras
2015-03-16core/namespace: fix path sortingMichal Schmidt
2015-03-13core: explicitly ignore failure during cleanupZbigniew Jędrzejewski-Szmek
2015-03-13core: either ignore or handle mount failuresZbigniew Jędrzejewski-Szmek
2015-03-13Use space after a silencing (void)Zbigniew Jędrzejewski-Szmek