~lukeshu/systemd - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2015-10-24	util-lib: split our string related calls from util.[ch] into its own file ↵	Lennart Poettering
	string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24	util: split out escaping code into escape.[ch]	Lennart Poettering
	This really deserves its own file, given how much code this is now.
2015-10-20	nspawn: skip /sys-as-tmpfs if we don't use private-network	Iago López Galeiras
	Since v3.11/7dc5dbc ("sysfs: Restrict mounting sysfs"), the kernel doesn't allow mounting sysfs if you don't have CAP_SYS_ADMIN rights over the network namespace. So the mounting /sys as a tmpfs code introduced in d8fc6a000fe21b0c1ba27fbfed8b42d00b349a4b doesn't work with user namespaces if we don't use private-net. The reason is that we mount sysfs inside the container and we're in the network namespace of the host but we don't have CAP_SYS_ADMIN over that namespace. To fix that, we mount /sys as a sysfs (instead of tmpfs) if we don't use private network and ignore the /sys-as-a-tmpfs code if we find that /sys is already mounted as sysfs. Fixes #1555
2015-10-09	nspawn: create /sys/fs/cgroup for unified hierarchy as well	Mirco Tischler

2015-09-30	nspawn: mount /sys as tmpfs, and then mount only select subdirs of the real ↵	Lennart Poettering
	sysfs below it This way we can hide things like /sys/firmware or /sys/hypervisor from the container, while keeping the device tree around. While this is a security benefit in itself it also allows us to fix issue #1277. Previously we'd mount /sys before creating the user namespace, in order to be able to mount /sys/fs/cgroup/* beneath it (which resides in it), which we can only mount outside of the user namespace. To ensure that the user namespace owns the network namespace we'd set up the network namespace at the same time as the user namespace. Thus, we'd still see the /sys/class/net/ from the originating network namespace, even though we are in our own network namespace now. With this patch, /sys is mounted before transitioning into the user namespace as tmpfs, so that we can also mount /sys/fs/cgroup/* into it this early. The directories such as /sys/class/ are then later added in from the real sysfs from inside the network and user namespace so that they actually show whatis available in it. Fixes #1277
2015-09-30	nspawn: fix user namespace support	Lennart Poettering
	We didn#t actually pass ownership of /run to the UID in the container since some releases, let's fix that.
2015-09-30	nspawn: make sure mount_legacy_cgroup_hierarchy() can deal with NULL root ↵	Lennart Poettering
	directories
2015-09-07	nspawn: remove nspawn.h, it's empty now	Lennart Poettering

2015-09-07	nspawn: split out mount related functions into a new nspawn-mount.c file	Lennart Poettering