| Age | Commit message (Collapse) | Author |
|---|
|
Keep mounts done by udev rules private to udevd. Also, document how
MountFlags= may be used for this.
|
|
Also mount /dev/kdbus, /dev/mqueue and /dev/hugepages into the /dev for
namespaced services.
|
|
load-fragment.c
The parse code actually checked for specific lvalue names, which is
really wrong for supposedly generic parsers...
|
|
Similar to PrivateNetwork=, PrivateTmp= introduce PrivateDevices= that
sets up a private /dev with only the API pseudo-devices like /dev/null,
/dev/zero, /dev/random, but not any physical devices in them.
|
|
This way it is easy to only exclude directories from the current boot
from automatic clean up in /var/tmp.
Also, pick a longer name for the directories so that are globs in
tmp.conf can be simpler yet equally accurate.
|
|
|
|
PrivateTmp= namespaces
|
|
Unit name is used whole in the directory name, so that the unit name
can be easily extracted from it, e.g. "/tmp/systemd-abcd.service-DEDBIF1".
https://bugzilla.redhat.com/show_bug.cgi?id=957439
|
|
This extends 62678ded 'efi: never call qsort on potentially
NULL arrays' to all other places where qsort is used and it
is not obvious that the count is non-zero.
|
|
|
|
|
|
Currently, PrivateTmp=yes means that the service cannot see the /tmp
shared by rest of the system and is isolated from other services using
PrivateTmp, but users can access and modify /tmp as seen by the
service.
Move the private /tmp and /var/tmp directories into a 0077-mode
directory. This way unpriviledged users on the system cannot see (or
modify) /tmp as seen by the service.
|
|
All Execs within the service, will get mounted the same
/tmp and /var/tmp directories, if service is configured with
PrivateTmp=yes. Temporary directories are cleaned up by service
itself in addition to systemd-tmpfiles. Directory which is mounted
as inaccessible is created at runtime in /run/systemd.
|
|
We want to make sure that everything from the host is also visible in
the sandbox.
|
|
- don't use pivot_root() anymore, just reuse root hierarchy
- first create all mounts, then mark them read-only so that we get the
right behaviour when people want writable mounts inside of
read-only mounts
- don't pass invalid combinations of MS_ constants to the kernel
|
|
|
|
|
|
|
|
MS_BIND|MS_MOVE can not be combined:
do_mount()
else if (flags & MS_BIND)
do_loopback(&path, dev_name, flags & MS_REC);
[...]
else if (flags & MS_MOVE)
do_move_mount(&path, dev_name);
MS_REMOUNT|MS_UNBINDABLE can not be combined:
do_mount()
if (flags & MS_REMOUNT)
do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page);
[...]
else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
do_change_type(&path, flags);
|
|
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
|
|
|
