Age | Commit message (Expand) | Author |
2016-10-07 | core: add "invocation ID" concept to service manager | Lennart Poettering |
2016-10-07 | core: only warn on short reads on signal fd | Zbigniew Jędrzejewski-Szmek |
2016-10-07 | manager: tighten incoming notification message checks | Lennart Poettering |
2016-10-07 | manager: be stricter with incomining notifications, warn properly about too l... | Lennart Poettering |
2016-10-07 | manager: don't ever busy loop when we get a notification message we can't pro... | Lennart Poettering |
2016-10-06 | core: add possibility to set action for ctrl-alt-del burst (#4105) | Lukáš Nykrýn |
2016-10-06 | user-util: rework maybe_setgroups() a bit | Lennart Poettering |
2016-10-06 | core: leave PAM stub process around with GIDs updated | Lennart Poettering |
2016-10-06 | core: do not fail in a container if we can't use setgroups | Giuseppe Scrivano |
2016-10-05 | Fix typo | Giuseppe Scrivano |
2016-10-04 | tree-wide: remove consecutive duplicate words in comments | Stefan Schweter |
2016-10-04 | automount: make sure the expire event is restarted after a daemon-reload (#4265) | Michael Olbrich |
2016-10-01 | core: do not try to create /run/systemd/transient in test mode | Zbigniew Jędrzejewski-Szmek |
2016-10-01 | core: complain if Before= dep on .device is declared | Zbigniew Jędrzejewski-Szmek |
2016-10-01 | core: update warning message | Zbigniew Jędrzejewski-Szmek |
2016-10-01 | core: get rid of unneeded state variable | Zbigniew Jędrzejewski-Szmek |
2016-09-29 | pid1: more informative error message for ignored notifications | Zbigniew Jędrzejewski-Szmek |
2016-09-29 | pid1: process zero-length notification messages again | Zbigniew Jędrzejewski-Szmek |
2016-09-29 | pid1: don't return any error in manager_dispatch_notify_fd() (#4240) | Franck Bui |
2016-09-29 | If the notification message length is 0, ignore the message (#4237) | Jorge Niedbalski |
2016-09-28 | Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1 | Evgeny Vereshchagin |
2016-09-26 | core: Fix USB functionfs activation and clarify its documentation (#4188) | Paweł Szewczyk |
2016-09-25 | core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i... | Djalal Harouni |
2016-09-25 | core:namespace: simplify ProtectHome= implementation | Djalal Harouni |
2016-09-25 | core: simplify ProtectSystem= implementation | Djalal Harouni |
2016-09-25 | core:sandbox: add more /proc/* entries to ProtectKernelTunables= | Djalal Harouni |
2016-09-25 | core:namespace: simplify mount calculation | Djalal Harouni |
2016-09-25 | core:namespace: put paths protected by ProtectKernelTunables= in | Djalal Harouni |
2016-09-25 | core:namespace: minor improvements to append_mounts() | Djalal Harouni |
2016-09-25 | execute: move SMACK setup code into its own function | Lennart Poettering |
2016-09-25 | namespace: drop all mounts outside of the new root directory | Lennart Poettering |
2016-09-25 | main: minor simplification | Lennart Poettering |
2016-09-25 | execute: filter low-level I/O syscalls if PrivateDevices= is set | Lennart Poettering |
2016-09-25 | namespace: don't make the root directory of a namespace a mount if it already... | Lennart Poettering |
2016-09-25 | namespace: chase symlinks for mounts to set up in userspace | Lennart Poettering |
2016-09-25 | namespace: invoke unshare() only after checking all parameters | Lennart Poettering |
2016-09-25 | execute: drop group priviliges only after setting up namespace | Lennart Poettering |
2016-09-25 | core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1 | Lennart Poettering |
2016-09-25 | core: introduce ProtectSystem=strict | Lennart Poettering |
2016-09-25 | namespace: add some debug logging when enforcing InaccessiblePaths= | Lennart Poettering |
2016-09-25 | namespace: rework how ReadWritePaths= is applied | Lennart Poettering |
2016-09-25 | namespace: when enforcing fs namespace restrictions suppress redundant mounts | Lennart Poettering |
2016-09-25 | namespace: simplify mount_path_compare() a bit | Lennart Poettering |
2016-09-25 | execute: if RuntimeDirectory= is set, it should be writable | Lennart Poettering |
2016-09-25 | execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c | Lennart Poettering |
2016-09-25 | execute: split out creation of runtime dirs into its own functions | Lennart Poettering |
2016-09-25 | namespace: make sure InaccessibleDirectories= masks all mounts further down | Lennart Poettering |
2016-09-25 | core: add two new service settings ProtectKernelTunables= and ProtectControlG... | Lennart Poettering |
2016-09-25 | core: enforce seccomp for secondary archs too, for all rules | Lennart Poettering |
2016-09-16 | tree-wide: rename config_parse_many to …_nulstr | Zbigniew Jędrzejewski-Szmek |