Age | Commit message | Author | |
---|---|---|---|
2011-08-02 | exec: introduce PrivateNetwork= process option to turn off network access to specific services | Lennart Poettering | |
2011-08-02 | nspawn: add new --no-net switch to turn off networking in the container | Lennart Poettering | |
2011-08-01 | umask: change default umask to 0022 just to be sure, and set it explicitly in all binaries, in order to make sure it is set when started from the terminal | Lennart Poettering | |
2011-07-29 | nspawn: properly bind mount /sys/fs/selinux into container, since /selinux moved there | Lennart Poettering | |
2011-07-23 | nspawn: mount a new /proc instance in the container so that we don't see the host's PID tree | Lennart Poettering | |
This partially reverts f5c1b9eeb94c112e5dac09fc6a47c571356c30c0. | |||
2011-07-13 | nspawn: compress mount table a bit | Lennart Poettering | |
2011-07-13 | nspawn: always use bind mounts to make API file systems available in the container | Lennart Poettering | |
This ensures that read-only flags are never passed from the container to the host OS. | |||
2011-07-01 | nspawn: better use setresuid() instead of setreuid() | Lennart Poettering | |
2011-07-01 | nspawn: spawn shell under specified --user | Michal Vyskocil | |
Add -u/--user option, which changes the effective and real user and group id to the new value. The user must exist in the chroot, otherwise it will fail. Both username and user id are accepted. The user home is created as well. It also sets up HOME, USER, LOGNAME and SHELL variables. | |||
2011-06-28 | execute: don't choke when systemd was compiled with a different CAP_LAST_CAP than what it is run with | Lennart Poettering | |
2011-06-14 | mount /run without MS_NOEXEC | Kay Sievers | |
2011-04-20 | nspawn: don't fail when we receive SIGCHLD | Lennart Poettering | |
https://bugs.freedesktop.org/show_bug.cgi?id=36148 | |||
2011-03-28 | use /run instead of /dev/.run | Kay Sievers | |
Instead of the /dev/.run trick we have currently implemented, we decided to move the early-boot runtime dir to /run. An existing /var/run directory is bind-mounted to /run. If /var/run is already a symlink, no action is taken. An existing /var/lock directory is bind-mounted to /run/lock. If /var/lock is already a symlink, no action is taken. To implement the directory vs. symlink logic, we have a: ConditionPathIsDirectory= now, which is used in the mount units. Skipped mount unit in case of symlink: $ systemctl status var-run.mount var-run.mount - Runtime Directory Loaded: loaded (/lib/systemd/system/var-run.mount) Active: inactive (dead) start condition failed at Fri, 25 Mar 2011 04:51:41 +0100; 6min ago Where: /var/run What: /run CGroup: name=systemd:/system/var-run.mount The systemd rpm needs to make sure to add something like: %pre mkdir -p -m0755 /run >/dev/null 2>&1 || : or it needs to be added to filesystem.rpm. Udev -git already uses /run if that exists, and is writable at bootup. Otherwise it falls back to the current /dev/.udev. Dracut and plymouth need to be adapted to switch from /dev/.run to run too. Cheers, Kay | |||
2011-03-16 | nspawn: bind mount /etc/localtime | Lennart Poettering | |
2011-03-16 | nspawn: make tty code more robust against closed/reopened /dev/console | Lennart Poettering | |
2011-03-16 | nspawn: allocate a new pty instead of passing ours through to avoid terminal settings chaos | Lennart Poettering | |
2011-03-14 | nspawn: move container into its own name=systemd cgroup | Lennart Poettering | |
2011-03-14 | nspawn: don't require selinux on if it is compiled in | Lennart Poettering | |
2011-03-14 | nspawn: mount /selinux if needed | Lennart Poettering | |
2011-03-14 | nspawn: we don't want a network namespace | Lennart Poettering | |
2011-03-14 | main: log to the console in a container | Lennart Poettering | |
2011-03-14 | nspawn: reset environment and load login shell | Lennart Poettering | |
2011-03-14 | nspawn: reset umask if needed | Lennart Poettering | |
2011-03-14 | nspawn: define MS_MOVE manually if needed | Lennart Poettering | |
2011-03-14 | nspawn: improve exit warning | Lennart Poettering | |
2011-03-14 | nspawn: add simple chroot(1) like tool to execute commands in a namespace container | Lennart Poettering | |