summaryrefslogtreecommitdiff
path: root/src/core
AgeCommit message (Expand)Author
2016-09-28Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1Evgeny Vereshchagin
2016-09-26core: Fix USB functionfs activation and clarify its documentation (#4188)Paweł Szewczyk
2016-09-25core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i...Djalal Harouni
2016-09-25core:namespace: simplify ProtectHome= implementationDjalal Harouni
2016-09-25core: simplify ProtectSystem= implementationDjalal Harouni
2016-09-25core:sandbox: add more /proc/* entries to ProtectKernelTunables=Djalal Harouni
2016-09-25core:namespace: simplify mount calculationDjalal Harouni
2016-09-25core:namespace: put paths protected by ProtectKernelTunables= inDjalal Harouni
2016-09-25core:namespace: minor improvements to append_mounts()Djalal Harouni
2016-09-25execute: move SMACK setup code into its own functionLennart Poettering
2016-09-25namespace: drop all mounts outside of the new root directoryLennart Poettering
2016-09-25main: minor simplificationLennart Poettering
2016-09-25execute: filter low-level I/O syscalls if PrivateDevices= is setLennart Poettering
2016-09-25namespace: don't make the root directory of a namespace a mount if it already...Lennart Poettering
2016-09-25namespace: chase symlinks for mounts to set up in userspaceLennart Poettering
2016-09-25namespace: invoke unshare() only after checking all parametersLennart Poettering
2016-09-25execute: drop group priviliges only after setting up namespaceLennart Poettering
2016-09-25core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1Lennart Poettering
2016-09-25core: introduce ProtectSystem=strictLennart Poettering
2016-09-25namespace: add some debug logging when enforcing InaccessiblePaths=Lennart Poettering
2016-09-25namespace: rework how ReadWritePaths= is appliedLennart Poettering
2016-09-25namespace: when enforcing fs namespace restrictions suppress redundant mountsLennart Poettering
2016-09-25namespace: simplify mount_path_compare() a bitLennart Poettering
2016-09-25execute: if RuntimeDirectory= is set, it should be writableLennart Poettering
2016-09-25execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.cLennart Poettering
2016-09-25execute: split out creation of runtime dirs into its own functionsLennart Poettering
2016-09-25namespace: make sure InaccessibleDirectories= masks all mounts further downLennart Poettering
2016-09-25core: add two new service settings ProtectKernelTunables= and ProtectControlG...Lennart Poettering
2016-09-25core: enforce seccomp for secondary archs too, for all rulesLennart Poettering
2016-09-16tree-wide: rename config_parse_many to …_nulstrZbigniew Jędrzejewski-Szmek
2016-09-10Merge pull request #4119 from keszybz/drop-more-kdbusEvgeny Vereshchagin
2016-09-10service: fixup ExecStop for socket-activated shutdown (#4120)Kyle Russell
2016-09-09unit: sent change signal before removing the unit if necessary (#4106)Michael Olbrich
2016-09-09pid1: drop kdbus_fd and all associated logicZbigniew Jędrzejewski-Szmek
2016-09-09service: Continue shutdown on socket activated unit on termination (#4108)Kyle Russell
2016-09-06seccomp: also detect if seccomp filtering is enabledFelipe Sateler
2016-08-31core: introduce MemorySwapMax= (#3659)Lennart Poettering
2016-08-31load-fragment: Resolve specifiers in OnCalendar and On*Sec (#4045)Lennart Poettering
2016-08-30core: introduce MemorySwapMax=WaLyong Cho
2016-08-27mount: add SloppyOptions= to mount_dump()Barron Rulon
2016-08-27mount: add new ForceUnmount= setting for mount units, mapping to umount(8)'s ...Barron Rulon
2016-08-26load-fragment: Resolve specifiers in OnCalendar and On*SecDouglas Christman
2016-08-26mount: add new LazyUnmount= setting for mount units, mapping to umount(8)'s "...brulon
2016-08-26Merge pull request #3984 from poettering/refcntEvgeny Vereshchagin
2016-08-23core,network: Use const qualifiers for block-local variables in macro functio...Felipe Sateler
2016-08-22core: do not fail at step SECCOMP if there is no kernel support (#4004)Felipe Sateler
2016-08-22core: let's use set_contains() where appropriateLennart Poettering
2016-08-22core: cache last CPU usage counter, before destorying a cgroupLennart Poettering
2016-08-22core: add Ref()/Unref() bus calls for unitsLennart Poettering
2016-08-19Merge pull request #3965 from htejun/systemd-controller-on-unifiedZbigniew Jędrzejewski-Szmek