| Age | Commit message (Expand) | Author |
|---|
| 2017-02-07 | core,nspawn,dissect: make nspawn's .roothash file search reusable | Lennart Poettering |
| 2017-02-07 | core: add RootImage= setting for using a specific image file as root director... | Lennart Poettering |
| 2017-02-07 | core: add a per-unit setting MountAPIVFS= for mounting /dev, /proc, /sys in c... | Lennart Poettering |
| 2017-02-07 | core: fix minor memleak in namespace.c | Lennart Poettering |
| 2016-12-14 | core: add ability to define arbitrary bind mounts for services | Lennart Poettering |
| 2016-12-14 | namespace: instead of chasing mount symlinks a priori, do so as-we-go | Lennart Poettering |
| 2016-12-14 | core: rename BindMount structure → MountEntry | Lennart Poettering |
| 2016-12-14 | namespace: add explicit read-only flag | Lennart Poettering |
| 2016-12-13 | namespace: reindent protect_system_strict_table[] as well | Lennart Poettering |
| 2016-12-01 | fs-util: add flags parameter to chase_symlinks() | Lennart Poettering |
| 2016-12-01 | tree-wide: stop using canonicalize_file_name(), use chase_symlinks() instead | Lennart Poettering |
| 2016-11-17 | namespace: clarify that /proc/apm is obsolete, but leave it blocked | Lennart Poettering |
| 2016-11-17 | namespace: reindent namespace tables | Lennart Poettering |
| 2016-11-17 | namespace: simplify, optimize and extend handling of mounts for namespace | Lennart Poettering |
| 2016-11-10 | core:namespace: count and free failed paths inside chase_all_symlinks() (#4619) | Djalal Harouni |
| 2016-11-08 | core: on DynamicUser= make sure that protecting sensitive paths is enforced (... | Djalal Harouni |
| 2016-11-07 | nspawn: slight simplification | Zbigniew Jędrzejewski-Szmek |
| 2016-11-07 | nspawn: avoid one strdup by using free_and_replace | Zbigniew Jędrzejewski-Szmek |
| 2016-11-07 | core: make RootDirectory= and ProtectKernelModules= work | Djalal Harouni |
| 2016-10-23 | tree-wide: drop NULL sentinel from strjoin | Zbigniew Jędrzejewski-Szmek |
| 2016-10-12 | core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules= | Djalal Harouni |
| 2016-09-25 | core:namespace: simplify ProtectHome= implementation | Djalal Harouni |
| 2016-09-25 | core: simplify ProtectSystem= implementation | Djalal Harouni |
| 2016-09-25 | core:sandbox: add more /proc/* entries to ProtectKernelTunables= | Djalal Harouni |
| 2016-09-25 | core:namespace: simplify mount calculation | Djalal Harouni |
| 2016-09-25 | core:namespace: put paths protected by ProtectKernelTunables= in | Djalal Harouni |
| 2016-09-25 | core:namespace: minor improvements to append_mounts() | Djalal Harouni |
| 2016-09-25 | namespace: drop all mounts outside of the new root directory | Lennart Poettering |
| 2016-09-25 | namespace: don't make the root directory of a namespace a mount if it already... | Lennart Poettering |
| 2016-09-25 | namespace: chase symlinks for mounts to set up in userspace | Lennart Poettering |
| 2016-09-25 | namespace: invoke unshare() only after checking all parameters | Lennart Poettering |
| 2016-09-25 | core: introduce ProtectSystem=strict | Lennart Poettering |
| 2016-09-25 | namespace: add some debug logging when enforcing InaccessiblePaths= | Lennart Poettering |
| 2016-09-25 | namespace: rework how ReadWritePaths= is applied | Lennart Poettering |
| 2016-09-25 | namespace: when enforcing fs namespace restrictions suppress redundant mounts | Lennart Poettering |
| 2016-09-25 | namespace: simplify mount_path_compare() a bit | Lennart Poettering |
| 2016-09-25 | namespace: make sure InaccessibleDirectories= masks all mounts further down | Lennart Poettering |
| 2016-09-25 | core: add two new service settings ProtectKernelTunables= and ProtectControlG... | Lennart Poettering |
| 2016-07-22 | Merge pull request #3764 from poettering/assorted-stuff-2 | Martin Pitt |
| 2016-07-20 | namespace: fix wrong return value from mount(2) (#3758) | Topi Miettinen |
| 2016-07-20 | namespace: add a (void) cast | Lennart Poettering |
| 2016-07-20 | namespace: minor improvements | Lennart Poettering |
| 2016-07-19 | doc,core: Read{Write,Only}Paths= and InaccessiblePaths= | Alessandro Puccetti |
| 2016-07-19 | namespace: unify limit behavior on non-directory paths | Alessandro Puccetti |
| 2016-05-15 | namespace: Make private /dev noexec and readonly (#3263) | topimiettinen |
| 2016-05-14 | namespace: unmount old /dev under our new private /dev (#3254) | topimiettinen |
| 2016-02-11 | Remove kdbus custom endpoint support | Daniel Mack |
| 2016-02-10 | tree-wide: remove Emacs lines from all files | Daniel Mack |
| 2015-10-27 | util-lib: split out allocation calls into alloc-util.[ch] | Lennart Poettering |
| 2015-10-27 | user-util: move UID/GID related macros from macro.h to user-util.h | Lennart Poettering |
