| Commit message | Author | Age | Files | Lines |
* | namespace: keep selinuxfs mounted read-write with ProtectKernelTunables (#5741) | Nicolas Iooss | 2017-07-31 | 1 | -0/+1 |
* | core: open /proc/self/mountinfo early to allow mounts over /proc (#5985) | Timothée Ravier | 2017-05-19 | 1 | -3/+13 |
* | namespace: Apply MountAPIVFS= only when a Root directory is set | Djalal Harouni | 2017-03-05 | 1 | -8/+15 |
* | namespace: create base-filesystem directories if RootImage= or RootDirectory=... | Djalal Harouni | 2017-03-05 | 1 | -0/+5 |
* | Fix missing space in comments (#5439) | AsciiWolf | 2017-02-24 | 1 | -1/+1 |
* | core,nspawn,dissect: make nspawn's .roothash file search reusable | Lennart Poettering | 2017-02-07 | 1 | -1/+16 |
* | core: add RootImage= setting for using a specific image file as root director... | Lennart Poettering | 2017-02-07 | 1 | -2/+42 |
* | core: add a per-unit setting MountAPIVFS= for mounting /dev, /proc, /sys in c... | Lennart Poettering | 2017-02-07 | 1 | -12/+99 |
* | core: fix minor memleak in namespace.c | Lennart Poettering | 2017-02-07 | 1 | -5/+12 |
* | core: add ability to define arbitrary bind mounts for services | Lennart Poettering | 2016-12-14 | 1 | -11/+116 |
* | namespace: instead of chasing mount symlinks a priori, do so as-we-go | Lennart Poettering | 2016-12-14 | 1 | -52/+34 |
* | core: rename BindMount structure → MountEntry | Lennart Poettering | 2016-12-14 | 1 | -74/+74 |
* | namespace: add explicit read-only flag | Lennart Poettering | 2016-12-14 | 1 | -8/+17 |
* | namespace: reindent protect_system_strict_table[] as well | Lennart Poettering | 2016-12-13 | 1 | -7/+7 |
* | fs-util: add flags parameter to chase_symlinks() | Lennart Poettering | 2016-12-01 | 1 | -1/+1 |
* | tree-wide: stop using canonicalize_file_name(), use chase_symlinks() instead | Lennart Poettering | 2016-12-01 | 1 | -2/+2 |
* | namespace: clarify that /proc/apm is obsolete, but leave it blocked | Lennart Poettering | 2016-11-17 | 1 | -1/+1 |
* | namespace: reindent namespace tables | Lennart Poettering | 2016-11-17 | 1 | -30/+30 |
* | namespace: simplify, optimize and extend handling of mounts for namespace | Lennart Poettering | 2016-11-17 | 1 | -173/+159 |
* | core:namespace: count and free failed paths inside chase_all_symlinks() (#4619) | Djalal Harouni | 2016-11-10 | 1 | -14/+18 |
* | core: on DynamicUser= make sure that protecting sensitive paths is enforced (... | Djalal Harouni | 2016-11-08 | 1 | -18/+29 |
* | nspawn: slight simplification | Zbigniew Jędrzejewski-Szmek | 2016-11-07 | 1 | -11/+7 |
* | nspawn: avoid one strdup by using free_and_replace | Zbigniew Jędrzejewski-Szmek | 2016-11-07 | 1 | -2/+3 |
* | core: make RootDirectory= and ProtectKernelModules= work | Djalal Harouni | 2016-11-07 | 1 | -56/+86 |
* | tree-wide: drop NULL sentinel from strjoin | Zbigniew Jędrzejewski-Szmek | 2016-10-23 | 1 | -1/+1 |
* | core:sandbox: lets make /lib/modules/ inaccessible on ProtectKernelModules= | Djalal Harouni | 2016-10-12 | 1 | -17/+37 |
* | core:namespace: simplify ProtectHome= implementation | Djalal Harouni | 2016-09-25 | 1 | -22/+53 |
* | core: simplify ProtectSystem= implementation | Djalal Harouni | 2016-09-25 | 1 | -58/+113 |
* | core:sandbox: add more /proc/* entries to ProtectKernelTunables= | Djalal Harouni | 2016-09-25 | 1 | -0/+11 |
* | core:namespace: simplify mount calculation | Djalal Harouni | 2016-09-25 | 1 | -12/+34 |
* | core:namespace: put paths protected by ProtectKernelTunables= in | Djalal Harouni | 2016-09-25 | 1 | -19/+35 |
* | core:namespace: minor improvements to append_mounts() | Djalal Harouni | 2016-09-25 | 1 | -4/+4 |
* | namespace: drop all mounts outside of the new root directory | Lennart Poettering | 2016-09-25 | 1 | -0/+26 |
* | namespace: don't make the root directory of a namespace a mount if it already... | Lennart Poettering | 2016-09-25 | 1 | -3/+8 |
* | namespace: chase symlinks for mounts to set up in userspace | Lennart Poettering | 2016-09-25 | 1 | -42/+76 |
* | namespace: invoke unshare() only after checking all parameters | Lennart Poettering | 2016-09-25 | 1 | -3/+3 |
* | core: introduce ProtectSystem=strict | Lennart Poettering | 2016-09-25 | 1 | -9/+47 |
* | namespace: add some debug logging when enforcing InaccessiblePaths= | Lennart Poettering | 2016-09-25 | 1 | -3/+4 |
* | namespace: rework how ReadWritePaths= is applied | Lennart Poettering | 2016-09-25 | 1 | -23/+43 |
* | namespace: when enforcing fs namespace restrictions suppress redundant mounts | Lennart Poettering | 2016-09-25 | 1 | -0/+39 |
* | namespace: simplify mount_path_compare() a bit | Lennart Poettering | 2016-09-25 | 1 | -11/+9 |
* | namespace: make sure InaccessibleDirectories= masks all mounts further down | Lennart Poettering | 2016-09-25 | 1 | -4/+40 |
* | core: add two new service settings ProtectKernelTunables= and ProtectControlG... | Lennart Poettering | 2016-09-25 | 1 | -4/+32 |
* | Merge pull request #3764 from poettering/assorted-stuff-2 | Martin Pitt | 2016-07-22 | 1 | -1/+1 |
|\ |
| * | namespace: add a (void) cast | Lennart Poettering | 2016-07-20 | 1 | -1/+1 |
* | | namespace: fix wrong return value from mount(2) (#3758) | Topi Miettinen | 2016-07-20 | 1 | -1/+2 |
|/ |
* | namespace: minor improvements | Lennart Poettering | 2016-07-20 | 1 | -8/+5 |
* | doc,core: Read{Write,Only}Paths= and InaccessiblePaths= | Alessandro Puccetti | 2016-07-19 | 1 | -9/+9 |
* | namespace: unify limit behavior on non-directory paths | Alessandro Puccetti | 2016-07-19 | 1 | -8/+23 |
* | namespace: Make private /dev noexec and readonly (#3263) | topimiettinen | 2016-05-15 | 1 | -3/+7 |