summaryrefslogtreecommitdiff
path: root/src/core
AgeCommit message (Expand)Author
2016-11-15core:gperf: pass the exec_context struct directly to parse restrict namespacesDjalal Harouni
2016-11-15core: property is RestrictNamespaces with sDjalal Harouni
2016-11-15core: improve the logic that implies no new privilegesDjalal Harouni
2016-11-10core:namespace: count and free failed paths inside chase_all_symlinks() (#4619)Djalal Harouni
2016-11-08core: on DynamicUser= make sure that protecting sensitive paths is enforced (...Djalal Harouni
2016-11-08Merge pull request #4536 from poettering/seccomp-namespacesZbigniew Jędrzejewski-Szmek
2016-11-08Merge pull request #4612 from keszybz/format-stringsZbigniew Jędrzejewski-Szmek
2016-11-08Merge pull request #4509 from keszybz/foreach-word-quotedMartin Pitt
2016-11-07Rename formats-util.h to format-util.hZbigniew Jędrzejewski-Szmek
2016-11-07nspawn: slight simplificationZbigniew Jędrzejewski-Szmek
2016-11-07nspawn: avoid one strdup by using free_and_replaceZbigniew Jędrzejewski-Szmek
2016-11-07core: make RootDirectory= and ProtectKernelModules= workDjalal Harouni
2016-11-05core/device: port to extract_first_wordZbigniew Jędrzejewski-Szmek
2016-11-05core/load-fragment: modify existing environment instead of copying strv over ...Zbigniew Jędrzejewski-Szmek
2016-11-05core/load-fragment: port to extract_first_wordZbigniew Jędrzejewski-Szmek
2016-11-05tree-wide: drop unneded WHITESPACE param to extract_first_wordZbigniew Jędrzejewski-Szmek
2016-11-04core: add new RestrictNamespaces= unit file settingLennart Poettering
2016-11-03Merge pull request #4510 from keszybz/tree-wide-cleanupsLennart Poettering
2016-11-03core: intialize user aux groups and SupplementaryGroups= when DynamicUser= is...Djalal Harouni
2016-11-02Revert some uses of xsprintfZbigniew Jędrzejewski-Szmek
2016-11-02Merge pull request #4481 from poettering/perpetualZbigniew Jędrzejewski-Szmek
2016-11-02core: make a constant table actually constantLennart Poettering
2016-11-02core: don't hit an assert when printing status messages about units with over...Lennart Poettering
2016-11-02Merge pull request #4456 from keszybz/stored-fdsLennart Poettering
2016-11-02Merge pull request #4483 from poettering/exec-orderLennart Poettering
2016-11-02pid1: fix fd memleak when we hit FileDescriptorStoreMax limitZbigniew Jędrzejewski-Szmek
2016-11-02core: change mount_synthesize_root() return to intLennart Poettering
2016-11-02unit: unify some code with new unit_new_for_name() callLennart Poettering
2016-11-02core: make the root mount perpetual tooLennart Poettering
2016-11-02core: rework the "no_gc" unit flag to become a more generic "perpetual" flagLennart Poettering
2016-11-02core: initialize groups list before checking SupplementaryGroups= of a unit (...Djalal Harouni
2016-11-02execute: apply seccomp filters after changing selinux/aa/smack contextsLennart Poettering
2016-11-01core: when restarting services, don't close fdsZbigniew Jędrzejewski-Szmek
2016-10-28pid1: nicely log when doing operation on stored fdsZbigniew Jędrzejewski-Szmek
2016-10-28pid1: only log about added fd if it was really addedZbigniew Jędrzejewski-Szmek
2016-10-28Merge pull request #4495 from topimiettinen/block-shmat-execDjalal Harouni
2016-10-28Merge pull request #4458 from keszybz/man-nonewprivilegesMartin Pitt
2016-10-27core: make unit argument const for apply seccomp functionsDjalal Harouni
2016-10-27core: lets apply working directory just after mount namespacesDjalal Harouni
2016-10-27core: get the working directory value inside apply_working_directory()Djalal Harouni
2016-10-27core: move apply working directory code into its own apply_working_directory()Djalal Harouni
2016-10-27core: move the code that setups namespaces on its own functionDjalal Harouni
2016-10-26seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecuteTopi Miettinen
2016-10-24Merge pull request #4450 from poettering/seccompfixesZbigniew Jędrzejewski-Szmek
2016-10-24core: move initialization of -.slice and init.scope into the unit_load() call...Lennart Poettering
2016-10-24seccomp: add new helper call seccomp_load_filter_set()Lennart Poettering
2016-10-24seccomp: add new seccomp_init_conservative() helperLennart Poettering
2016-10-24core: rework apply_protect_kernel_modules() to use seccomp_add_syscall_filter...Lennart Poettering
2016-10-24core: rework syscall filter set handlingLennart Poettering
2016-10-24core: move misplaced comment to the right placeLennart Poettering