summaryrefslogtreecommitdiff
path: root/src/nspawn.c
AgeCommit message (Collapse)Author
2011-08-02exec: introduce PrivateNetwork= process option to turn off network access to ↵Lennart Poettering
specific services
2011-08-02nspawn: add new --no-net switch to turn off networking in the containerLennart Poettering
2011-08-01umask: change default umask to 0022 just to be sure, and set it explicitly ↵Lennart Poettering
in all binaries, in order to make sure it is set when started from the terminal
2011-07-29nspawn: properly bind mount /sys/fs/selinux into container, since /selinux ↵Lennart Poettering
moved there
2011-07-23nspawn: mount a new /proc instance in the container so that we don't see the ↵Lennart Poettering
hosts' PID tree This partially reverts f5c1b9eeb94c112e5dac09fc6a47c571356c30c0.
2011-07-13nspawn: compress mount table a bitLennart Poettering
2011-07-13nspawn: always use bind mounts to make API file systems available in the ↵Lennart Poettering
container This ensures that read-only flags are never passed from the container to the host OS.
2011-07-01nspawn: better use setresuid() instead of setreuid()Lennart Poettering
2011-07-01nspawn: spawn shell under specified --userMichal Vyskocil
Add -u/--user option, which changes the effective and real user and group id to the new value. The user must exists in the chroot, otherwise it will fail. Both username and user id are accepted. The user home is created as well. It also setup HOME, USER, LOGNAME and SHELL variables .
2011-06-28execute: don't choke when systemd was compiled with a different CAP_LAST_CAP ↵Lennart Poettering
then what it is run with
2011-06-14mount /run without MS_NOEXECKay Sievers
2011-04-20nspawn: don't fail when we receive SIGCHLDLennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=36148
2011-03-28use /run instead of /dev/.runKay Sievers
Instead of the /dev/.run trick we have currently implemented, we decided to move the early-boot runtime dir to /run. An existing /var/run directory is bind-mounted to /run. If /var/run is already a symlink, no action is taken. An existing /var/lock directory is bind-mounted to /run/lock. If /var/lock is already a symlink, no action is taken. To implement the directory vs. symlink logic, we have a: ConditionPathIsDirectory= now, which is used in the mount units. Skipped mount unit in case of symlink: $ systemctl status var-run.mount var-run.mount - Runtime Directory Loaded: loaded (/lib/systemd/system/var-run.mount) Active: inactive (dead) start condition failed at Fri, 25 Mar 2011 04:51:41 +0100; 6min ago Where: /var/run What: /run CGroup: name=systemd:/system/var-run.mount The systemd rpm needs to make sure to add something like: %pre mkdir -p -m0755 /run >/dev/null 2>&1 || : or it needs to be added to filesystem.rpm. Udev -git already uses /run if that exists, and is writable at bootup. Otherwise it falls back to the current /dev/.udev. Dracut and plymouth need to be adopted to switch from /dev/.run to run too. Cheers, Kay
2011-03-16nspawn: bind mount /etc/localtimeLennart Poettering
2011-03-16nspawn: make tty code more robust against closed/reopened /dev/consoleLennart Poettering
2011-03-16nspawn: allocate a new pty instead of passing ours through to avoid terminal ↵Lennart Poettering
settings chaos
2011-03-14nspawn: move container into its own name=systemd cgroupLennart Poettering
2011-03-14nspawn: don't require selinux on if it is compiled inLennart Poettering
2011-03-14nspawn: mount /selinux if neededLennart Poettering
2011-03-14nspawn: we don't want a network namespaceLennart Poettering
2011-03-14main: log to the console in a containerLennart Poettering
2011-03-14nspawn: reset environment and load login shellLennart Poettering
2011-03-14nspawn: reset umask if neededLennart Poettering
2011-03-14nspawn: define MS_MOVE manually if neededLennart Poettering
2011-03-14nspawn: improve exit warningLennart Poettering
2011-03-14nspawn: add simple chroot(1) like tool to execute commands in a namespace ↵Lennart Poettering
container