summaryrefslogtreecommitdiff
path: root/units/systemd-localed.service.in
AgeCommit message (Collapse)Author
2016-09-25units: further lock down our long-running servicesLennart Poettering
Let's make this an excercise in dogfooding: let's turn on more security features for all our long-running services. Specifically: - Turn on RestrictRealtime=yes for all of them - Turn on ProtectKernelTunables=yes and ProtectControlGroups=yes for most of them - Turn on RestrictAddressFamilies= for all of them, but different sets of address families for each Also, always order settings in the unit files, that the various sandboxing features are close together. Add a couple of missing, older settings for a numbre of unit files. Note that this change turns off AF_INET/AF_INET6 from udevd, thus effectively turning of networking from udev rule commands. Since this might break stuff (that is already broken I'd argue) this is documented in NEWS.
2016-06-13units: tighten system call filters a bitLennart Poettering
Take away kernel keyring access, CPU emulation system calls and various debug system calls from the various daemons we have.
2016-06-09units: add a basic SystemCallFilter (#3471)Topi Miettinen
Add a line SystemCallFilter=~@clock @module @mount @obsolete @raw-io ptrace for daemons shipped by systemd. As an exception, systemd-timesyncd needs @clock system calls and systemd-localed is not privileged. ptrace(2) is blocked to prevent seccomp escapes.
2016-06-08units: enable MemoryDenyWriteExecute (#3459)Topi Miettinen
Secure daemons shipped by systemd by enabling MemoryDenyWriteExecute. Closes: #3459
2015-09-29units: increase watchdog timeout to 3min for all our servicesLennart Poettering
Apparently, disk IO issues are more frequent than we hope, and 1min waiting for disk IO happens, so let's increase the watchdog timeout a bit, for all our services. See #1353 for an example where this triggers.
2015-02-11Revert "units: add SecureBits"Lennart Poettering
This reverts commit 6a716208b346b742053cfd01e76f76fb27c4ea47. Apparently this doesn't work. http://lists.freedesktop.org/archives/systemd-devel/2015-February/028212.html
2015-02-11units: add SecureBitsTopi Miettinen
No setuid programs are expected to be executed, so add SecureBits=noroot noroot-locked to unit files.
2014-06-04core: rename ReadOnlySystem= to ProtectSystem= and add a third value for ↵Lennart Poettering
also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-03core: add new ReadOnlySystem= and ProtectedHome= settings for service unitsLennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-03-19core: enable PrivateNetwork= for a number of our long running services where ↵Lennart Poettering
this is useful
2014-03-19units: make use of PrivateTmp=yes and PrivateDevices=yes for all our ↵Lennart Poettering
long-running daemons
2013-12-11event: hook up sd-event with the service watchdog logicLennart Poettering
Adds a new call sd_event_set_watchdog() that can be used to hook up the event loop with the watchdog supervision logic of systemd. If enabled and $WATCHDOG_USEC is set the event loop will ping the invoking systemd daemon right after coming back from epoll_wait() but not more often than $WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than $WATCHDOG_USEC/4*3, to make sure the service manager is called in time. This means that setting WatchdogSec= in a .service file and calling sd_event_set_watchdog() in your daemon is enough to hook it up with the watchdog logic.
2012-06-25man: document localedLennart Poettering
2012-05-21units: introduce new Documentation= field and make use of it everywhereLennart Poettering
This should help making the boot process a bit easier to explore and understand for the administrator. The simple idea is that "systemctl status" now shows a link to documentation alongside the other status and decriptionary information of a service. This patch adds the necessary fields to all our shipped units if we have proper documentation for them.
2012-05-03units: explicit Type=dbus is now redundantLennart Poettering
2012-04-12relicense to LGPLv2.1 (with exceptions)Lennart Poettering
We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2011-06-21mechanisms: add mechanisms to change system locale and clockLennart Poettering