summaryrefslogtreecommitdiff
path: root/src/core
AgeCommit message (Expand)Author
2016-10-12core: make sure to dump ProtectKernelModules= valueDjalal Harouni
2016-10-12core: check protect_kernel_modules and private_devices in order to setup NNPDjalal Harouni
2016-10-12core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules=Djalal Harouni
2016-10-12core:sandbox: remove CAP_SYS_RAWIO on PrivateDevices=yesDjalal Harouni
2016-10-12core:sandbox: Add ProtectKernelModules= optionDjalal Harouni
2016-10-12Allow block and char classes in DeviceAllow bus properties (#4353)Zbigniew Jędrzejewski-Szmek
2016-10-11core/main: get rid from excess check of ACTION_TEST (#4350)0xAX
2016-10-11core: chown() any TTY used for stdin, not just when StandardInput=tty is used...Lennart Poettering
2016-10-11Merge pull request #4067 from poettering/invocation-idZbigniew Jędrzejewski-Szmek
2016-10-10Merge pull request #4337 from poettering/exit-codeZbigniew Jędrzejewski-Szmek
2016-10-10core: simplify if branches a bitLennart Poettering
2016-10-10core: make use of IN_SET() in various places in mount.cLennart Poettering
2016-10-10core: when determining whether a process exit status is clean, consider wheth...Lennart Poettering
2016-10-10core: lower exit status "level" at one placeLennart Poettering
2016-10-10main: use strdup instead of free_and_strdup to initialize default unit (#4335)0xAX
2016-10-10exit-status: kill is_clean_exit_lsb(), move logic to sysv-generatorLennart Poettering
2016-10-10tree-wide: pass return value of make_null_stdio() to warning instead of errno...0xAX
2016-10-09main: initialize default unit little later (#4321)0xAX
2016-10-09tree-wide: print warning in a failure case of make_null_stdio() (#4320)0xAX
2016-10-07core: add "invocation ID" concept to service managerLennart Poettering
2016-10-07core: only warn on short reads on signal fdZbigniew Jędrzejewski-Szmek
2016-10-07manager: tighten incoming notification message checksLennart Poettering
2016-10-07manager: be stricter with incomining notifications, warn properly about too l...Lennart Poettering
2016-10-07manager: don't ever busy loop when we get a notification message we can't pro...Lennart Poettering
2016-10-06core: add possibility to set action for ctrl-alt-del burst (#4105)Lukáš Nykrýn
2016-10-06user-util: rework maybe_setgroups() a bitLennart Poettering
2016-10-06core: leave PAM stub process around with GIDs updatedLennart Poettering
2016-10-06core: do not fail in a container if we can't use setgroupsGiuseppe Scrivano
2016-10-05Fix typoGiuseppe Scrivano
2016-10-04tree-wide: remove consecutive duplicate words in commentsStefan Schweter
2016-10-04automount: make sure the expire event is restarted after a daemon-reload (#4265)Michael Olbrich
2016-10-01core: do not try to create /run/systemd/transient in test modeZbigniew Jędrzejewski-Szmek
2016-10-01core: complain if Before= dep on .device is declaredZbigniew Jędrzejewski-Szmek
2016-10-01core: update warning messageZbigniew Jędrzejewski-Szmek
2016-10-01core: get rid of unneeded state variableZbigniew Jędrzejewski-Szmek
2016-09-29pid1: more informative error message for ignored notificationsZbigniew Jędrzejewski-Szmek
2016-09-29pid1: process zero-length notification messages againZbigniew Jędrzejewski-Szmek
2016-09-29pid1: don't return any error in manager_dispatch_notify_fd() (#4240)Franck Bui
2016-09-29If the notification message length is 0, ignore the message (#4237)Jorge Niedbalski
2016-09-28Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1Evgeny Vereshchagin
2016-09-26core: Fix USB functionfs activation and clarify its documentation (#4188)Paweł Szewczyk
2016-09-25core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i...Djalal Harouni
2016-09-25core:namespace: simplify ProtectHome= implementationDjalal Harouni
2016-09-25core: simplify ProtectSystem= implementationDjalal Harouni
2016-09-25core:sandbox: add more /proc/* entries to ProtectKernelTunables=Djalal Harouni
2016-09-25core:namespace: simplify mount calculationDjalal Harouni
2016-09-25core:namespace: put paths protected by ProtectKernelTunables= inDjalal Harouni
2016-09-25core:namespace: minor improvements to append_mounts()Djalal Harouni
2016-09-25execute: move SMACK setup code into its own functionLennart Poettering
2016-09-25namespace: drop all mounts outside of the new root directoryLennart Poettering