~lukeshu/systemd - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2014-06-04	core: rename ReadOnlySystem= to ProtectSystem= and add a third value for ↵	Lennart Poettering
	also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-03	core: add new ReadOnlySystem= and ProtectedHome= settings for service units	Lennart Poettering
	ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-06-03	resolved: run as unpriviliged "systemd-resolve" user	Tom Gundersen
	This service is not yet network facing, but let's prepare nonetheless. Currently all caps are dropped, but some may need to be kept in the future.
2014-05-19	resolved: add daemon to manage resolv.conf	Tom Gundersen
	Also remove the equivalent functionality from networkd.