summaryrefslogtreecommitdiff
path: root/src/core
AgeCommit message (Expand)Author
2016-11-02execute: apply seccomp filters after changing selinux/aa/smack contextsLennart Poettering
2016-10-28Merge pull request #4495 from topimiettinen/block-shmat-execDjalal Harouni
2016-10-28Merge pull request #4458 from keszybz/man-nonewprivilegesMartin Pitt
2016-10-27core: make unit argument const for apply seccomp functionsDjalal Harouni
2016-10-27core: lets apply working directory just after mount namespacesDjalal Harouni
2016-10-27core: get the working directory value inside apply_working_directory()Djalal Harouni
2016-10-27core: move apply working directory code into its own apply_working_directory()Djalal Harouni
2016-10-27core: move the code that setups namespaces on its own functionDjalal Harouni
2016-10-26seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecuteTopi Miettinen
2016-10-24Merge pull request #4450 from poettering/seccompfixesZbigniew Jędrzejewski-Szmek
2016-10-24core: move initialization of -.slice and init.scope into the unit_load() call...Lennart Poettering
2016-10-24seccomp: add new helper call seccomp_load_filter_set()Lennart Poettering
2016-10-24seccomp: add new seccomp_init_conservative() helperLennart Poettering
2016-10-24core: rework apply_protect_kernel_modules() to use seccomp_add_syscall_filter...Lennart Poettering
2016-10-24core: rework syscall filter set handlingLennart Poettering
2016-10-24core: move misplaced comment to the right placeLennart Poettering
2016-10-24core: simplify skip_seccomp_unavailable() a bitLennart Poettering
2016-10-24Merge pull request #4459 from keszybz/commandline-parsingLennart Poettering
2016-10-24Merge pull request #4406 from jsynacek/jsynacek-is-enabledLennart Poettering
2016-10-24core: do not assert when sysconf(_SC_NGROUPS_MAX) fails (#4466)Djalal Harouni
2016-10-24shared, systemctl: teach is-enabled to show installation targetsJan Synacek
2016-10-24install: introduce UnitFileFlagsJan Synacek
2016-10-23core: lets move the setup of working directory before group enforceDjalal Harouni
2016-10-23core: first lookup and cache creds then apply them after namespace setupDjalal Harouni
2016-10-22core: do not set no_new_privileges flag in config_parse_syscall_filterZbigniew Jędrzejewski-Szmek
2016-10-22Merge pull request #4428 from lnykryn/ctrl_v2Zbigniew Jędrzejewski-Szmek
2016-10-22tree-wide: make parse_proc_cmdline() strip "rd." prefix automaticallyZbigniew Jędrzejewski-Szmek
2016-10-22tree-wide: allow state to be passed through to parse_proc_cmdline_itemZbigniew Jędrzejewski-Szmek
2016-10-21core: use emergency_action for ctr+alt+del burstLukas Nykryn
2016-10-21failure-action: generalize failure action to emergency actionLukas Nykryn
2016-10-21core: if the start command vanishes during runtime don't hit an assertLennart Poettering
2016-10-20journald,core: add short comments we we keep reopening /dev/console all the timeLennart Poettering
2016-10-20Merge pull request #4417 from keszybz/man-and-rlimitLennart Poettering
2016-10-19pid1: downgrade some rlimit warningsZbigniew Jędrzejewski-Szmek
2016-10-19core: let's upgrade the log level for service processes dying of signal (#4415)Lennart Poettering
2016-10-17core/exec: add a named-descriptor option ("fd") for streams (#4179)Luca Bruno
2016-10-17Merge pull request #4392 from keszybz/running-timersLennart Poettering
2016-10-17core/timer: reset next_elapse_*time when timer is not waitingZbigniew Jędrzejewski-Szmek
2016-10-17pid1: do not use mtime==0 as sign of masking (#4388)Zbigniew Jędrzejewski-Szmek
2016-10-16tree-wide: introduce free_and_replace helperZbigniew Jędrzejewski-Szmek
2016-10-16tree-wide: use mfree moreZbigniew Jędrzejewski-Szmek
2016-10-14core: make settings for unified cgroup hierarchy supersede the ones for legac...Tejun Heo
2016-10-12core: make sure to dump ProtectKernelModules= valueDjalal Harouni
2016-10-12core: check protect_kernel_modules and private_devices in order to setup NNPDjalal Harouni
2016-10-12core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules=Djalal Harouni
2016-10-12core:sandbox: remove CAP_SYS_RAWIO on PrivateDevices=yesDjalal Harouni
2016-10-12core:sandbox: Add ProtectKernelModules= optionDjalal Harouni
2016-10-12Allow block and char classes in DeviceAllow bus properties (#4353)Zbigniew Jędrzejewski-Szmek
2016-10-11core/main: get rid from excess check of ACTION_TEST (#4350)0xAX
2016-10-11core: chown() any TTY used for stdin, not just when StandardInput=tty is used...Lennart Poettering