path: root/src
Age  Commit message  Author
2016-09-27  test: make sure that {readonly|inaccessible|readwrite}paths disconnect mount ...  Djalal Harouni
2016-09-27  test: add tests for simple ReadOnlyPaths= case  Djalal Harouni
2016-09-25  test: add CAP_MKNOD tests for PrivateDevices=  Djalal Harouni
2016-09-25  core: Use @raw-io syscall group to filter I/O syscalls when PrivateDevices= i...  Djalal Harouni
2016-09-25  core:namespace: simplify ProtectHome= implementation  Djalal Harouni
2016-09-25  core: simplify ProtectSystem= implementation  Djalal Harouni
2016-09-25  core:sandbox: add more /proc/* entries to ProtectKernelTunables=  Djalal Harouni
2016-09-25  core:namespace: simplify mount calculation  Djalal Harouni
2016-09-25  core:namespace: put paths protected by ProtectKernelTunables= in  Djalal Harouni
2016-09-25  core:namespace: minor improvements to append_mounts()  Djalal Harouni
2016-09-25  execute: move SMACK setup code into its own function  Lennart Poettering
2016-09-25  namespace: drop all mounts outside of the new root directory  Lennart Poettering
2016-09-25  main: minor simplification  Lennart Poettering
2016-09-25  execute: filter low-level I/O syscalls if PrivateDevices= is set  Lennart Poettering
2016-09-25  namespace: don't make the root directory of a namespace a mount if it already...  Lennart Poettering
2016-09-25  namespace: chase symlinks for mounts to set up in userspace  Lennart Poettering
2016-09-25  namespace: invoke unshare() only after checking all parameters  Lennart Poettering
2016-09-25  execute: drop group priviliges only after setting up namespace  Lennart Poettering
2016-09-25  nspawn: let's mount /proc/sysrq-trigger read-only by default  Lennart Poettering
2016-09-25  core: imply ProtectHome=read-only and ProtectSystem=strict if DynamicUser=1  Lennart Poettering
2016-09-25  core: introduce ProtectSystem=strict  Lennart Poettering
2016-09-25  namespace: add some debug logging when enforcing InaccessiblePaths=  Lennart Poettering
2016-09-25  namespace: rework how ReadWritePaths= is applied  Lennart Poettering
2016-09-25  namespace: when enforcing fs namespace restrictions suppress redundant mounts  Lennart Poettering
2016-09-25  namespace: simplify mount_path_compare() a bit  Lennart Poettering
2016-09-25  execute: if RuntimeDirectory= is set, it should be writable  Lennart Poettering
2016-09-25  execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c  Lennart Poettering
2016-09-25  execute: split out creation of runtime dirs into its own functions  Lennart Poettering
2016-09-25  namespace: make sure InaccessibleDirectories= masks all mounts further down  Lennart Poettering
2016-09-25  core: add two new service settings ProtectKernelTunables= and ProtectControlG...  Lennart Poettering
2016-09-25  core: enforce seccomp for secondary archs too, for all rules  Lennart Poettering
2016-09-24  Merge pull request #4182 from jkoelker/routetable  Zbigniew Jędrzejewski-Szmek
2016-09-24  networkd: do not drop config for pending interfaces (#4187)  Martin Pitt
2016-09-24  kernel-install: allow plugins to terminate the procedure (#4174)  Zbigniew Jędrzejewski-Szmek
2016-09-24  Merge pull request #4207 from fbuihuu/fix-journal-hmac-calculation  Zbigniew Jędrzejewski-Szmek
2016-09-24  sysctl: configure kernel parameters in the order they occur in each sysctl co...  HATAYAMA Daisuke
2016-09-24  nspawn: decouple --boot from CLONE_NEWIPC (#4180)  Luca Bruno
2016-09-23  journal: fix HMAC calculation when appending a data object  Franck Bui
2016-09-23  journal: warn when we fail to append a tag to a journal  Franck Bui
2016-09-22  machine: Disable more output when quiet flag is set (#4196)  Wilhelm Schuster
2016-09-20  nspawn: fix comment typo in setup_timezone example (#4183)  Michael Pope
2016-09-19  networkd: Allow specifying RouteTable for RAs  Jason Kölker
2016-09-19  networkd: Allow specifying RouteTable for DHCP  Jason Kölker
2016-09-18  journal: fix typo in comment (#4176)  Felix Zhang
2016-09-17  Revert "kernel-install: Add KERNEL_INSTALL_NOOP (#4103)"  Martin Pitt
2016-09-17  Merge pull request #4123 from keszybz/network-file-dropins  Martin Pitt
2016-09-17  nspawn: clarify log warning for /etc/localtime not being a symbolic link (#4163)  Michael Pope
2016-09-16  networkd: change message about missing Kind  Zbigniew Jędrzejewski-Szmek
2016-09-16  networkd: support drop-in dirs for .network files  Zbigniew Jędrzejewski-Szmek
2016-09-16  shared/conf-parser: add config_parse_many which takes strv with dirs  Zbigniew Jędrzejewski-Szmek