| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2014-12-14 | build-sys: remove commented-out m4 from user@.service | Mantas Mikulėnas | |
| Otherwise this actually remains in the generated unit in /usr/lib. If you want to keep it commented out, a m4-compatible way would be: m4_ifdef(`HAVE_SMACK', dnl Capabilities=cap_mac_admin=i dnl SecureBits=keep-caps ) | |||
| 2014-12-10 | build-sys: turn off SMACK capabilities stuff for now, since it is ↵ | Lennart Poettering | |
| incompatible with nspawn | |||
| 2014-12-09 | bus-proxy: cloning smack label | Przemyslaw Kedzierski | |
| When dbus client connects to systemd-bus-proxyd through Unix domain socket proxy takes client's smack label and sets for itself. It is done before and independent of dropping privileges. The reason of such soluton is fact that tests of access rights performed by lsm may take place inside kernel, not only in userspace of recipient of message. The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label. In case of systemd running in system mode, CAP_MAC_ADMIN should be added to CapabilityBoundingSet in service file of bus-proxyd. In case of systemd running in user mode ('systemd --user') it can be achieved by addition Capabilities=cap_mac_admin=i and SecureBits=keep-caps to user@.service file and setting cap_mac_admin+ei on bus-proxyd binary. | |||
| 2014-01-08 | pam_systemd: export DBUS_SESSION_BUS_ADDRESS | Kay Sievers | |
| 2013-12-27 | build-sys: fix generation of user@.service | Zbigniew Jędrzejewski-Szmek | |
 |
index : ~lukeshu/systemd | |
| Unnamed repository; edit this file 'description' to name the repository. | git-mirror |
| summaryrefslogtreecommitdiff |