summaryrefslogtreecommitdiff
path: root/src/core
AgeCommit message (Expand)Author
2016-10-10tree-wide: pass return value of make_null_stdio() to warning instead of errno...0xAX
2016-10-09main: initialize default unit little later (#4321)0xAX
2016-10-09tree-wide: print warning in a failure case of make_null_stdio() (#4320)0xAX
2016-10-07core: only warn on short reads on signal fdZbigniew Jędrzejewski-Szmek
2016-10-07manager: tighten incoming notification message checksLennart Poettering
2016-10-07manager: be stricter with incomining notifications, warn properly about too l...Lennart Poettering
2016-10-07manager: don't ever busy loop when we get a notification message we can't pro...Lennart Poettering
2016-10-06core: add possibility to set action for ctrl-alt-del burst (#4105)Lukáš Nykrýn
2016-10-06user-util: rework maybe_setgroups() a bitLennart Poettering
2016-10-06core: leave PAM stub process around with GIDs updatedLennart Poettering
2016-10-06core: do not fail in a container if we can't use setgroupsGiuseppe Scrivano
2016-10-05Fix typoGiuseppe Scrivano
2016-10-04tree-wide: remove consecutive duplicate words in commentsStefan Schweter
2016-10-04automount: make sure the expire event is restarted after a daemon-reload (#4265)Michael Olbrich
2016-10-01core: do not try to create /run/systemd/transient in test modeZbigniew Jędrzejewski-Szmek
2016-10-01core: complain if Before= dep on .device is declaredZbigniew Jędrzejewski-Szmek
2016-10-01core: update warning messageZbigniew Jędrzejewski-Szmek
2016-10-01core: get rid of unneeded state variableZbigniew Jędrzejewski-Szmek
2016-09-29pid1: more informative error message for ignored notificationsZbigniew Jędrzejewski-Szmek
2016-09-29pid1: process zero-length notification messages againZbigniew Jędrzejewski-Szmek
2016-09-29pid1: don't return any error in manager_dispatch_notify_fd() (#4240)Franck Bui
2016-09-29If the notification message length is 0, ignore the message (#4237)Jorge Niedbalski
2016-09-28Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1Evgeny Vereshchagin
2016-09-26core: Fix USB functionfs activation and clarify its documentation (#4188)Paweł Szewczyk
2016-09-25core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i...Djalal Harouni
2016-09-25core:namespace: simplify ProtectHome= implementationDjalal Harouni
2016-09-25core: simplify ProtectSystem= implementationDjalal Harouni
2016-09-25core:sandbox: add more /proc/* entries to ProtectKernelTunables=Djalal Harouni
2016-09-25core:namespace: simplify mount calculationDjalal Harouni
2016-09-25core:namespace: put paths protected by ProtectKernelTunables= inDjalal Harouni
2016-09-25core:namespace: minor improvements to append_mounts()Djalal Harouni
2016-09-25execute: move SMACK setup code into its own functionLennart Poettering
2016-09-25namespace: drop all mounts outside of the new root directoryLennart Poettering
2016-09-25main: minor simplificationLennart Poettering
2016-09-25execute: filter low-level I/O syscalls if PrivateDevices= is setLennart Poettering
2016-09-25namespace: don't make the root directory of a namespace a mount if it already...Lennart Poettering
2016-09-25namespace: chase symlinks for mounts to set up in userspaceLennart Poettering
2016-09-25namespace: invoke unshare() only after checking all parametersLennart Poettering
2016-09-25execute: drop group priviliges only after setting up namespaceLennart Poettering
2016-09-25core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1Lennart Poettering
2016-09-25core: introduce ProtectSystem=strictLennart Poettering
2016-09-25namespace: add some debug logging when enforcing InaccessiblePaths=Lennart Poettering
2016-09-25namespace: rework how ReadWritePaths= is appliedLennart Poettering
2016-09-25namespace: when enforcing fs namespace restrictions suppress redundant mountsLennart Poettering
2016-09-25namespace: simplify mount_path_compare() a bitLennart Poettering
2016-09-25execute: if RuntimeDirectory= is set, it should be writableLennart Poettering
2016-09-25execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.cLennart Poettering
2016-09-25execute: split out creation of runtime dirs into its own functionsLennart Poettering
2016-09-25namespace: make sure InaccessibleDirectories= masks all mounts further downLennart Poettering
2016-09-25core: add two new service settings ProtectKernelTunables= and ProtectControlG...Lennart Poettering