Systemd/src/nspawn
Lennart Poettering 8e5430c4bd nspawn: set up a new session keyring for the container process
Keyring material should not leak into the container. So far we relied on
seccomp to deny access to the keyring, but given that we now made the
seccomp configurable, and access to keyctl() and friends may optionally
be permitted to containers now, let's make sure we disconnect the caller's
keyring from the keyring of PID 1 in the container.
2017-09-22 15:28:04 +02:00
..
meson.build meson: reindent all files with 8 spaces 2017-04-23 21:47:29 -04:00
nspawn-cgroup.c Be slightly more verbose in error message 2017-07-02 12:03:56 -04:00
nspawn-cgroup.h nspawn: cleanup and chown the synced cgroup hierarchy (#4223) 2016-10-13 09:50:46 -04:00
nspawn-expose-ports.c core: introduce parse_ip_port (#4825) 2016-12-06 12:21:45 +01:00
nspawn-expose-ports.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
nspawn-gperf.gperf nspawn: implement configurable syscall whitelisting/blacklisting 2017-09-12 14:06:21 +02:00
nspawn-mount.c nspawn: do not mount /sys/fs/kdbus 2017-07-23 12:03:00 -04:00
nspawn-mount.h nspawn: Add support for sysroot pivoting (#5258) 2017-02-08 16:54:31 +01:00
nspawn-network.c Fix includes (#5980) 2017-05-19 10:01:35 -04:00
nspawn-network.h nspawn: add new --network-zone= switch for automatically managed bridge devices 2016-05-09 15:45:31 +02:00
nspawn-patch-uid.c fs-util: unify code we use to check if dirent's d_name is "." or ".." 2017-02-02 00:06:18 +01:00
nspawn-patch-uid.h nspawn: optionally fix up OS tree uid/gids for userns 2016-04-25 12:15:57 +02:00
nspawn-register.c nspawn: wait for the scope to be created (#6261) 2017-07-03 07:59:49 +02:00
nspawn-register.h nspawn: register a scope for the unit if --register=no is specified (#6166) 2017-06-28 13:22:46 -04:00
nspawn-seccomp.c nspawn: replace syscall blacklist by a whitelist 2017-09-14 15:45:21 +02:00
nspawn-seccomp.h nspawn: implement configurable syscall whitelisting/blacklisting 2017-09-12 14:06:21 +02:00
nspawn-settings.c nspawn: implement configurable syscall whitelisting/blacklisting 2017-09-12 14:06:21 +02:00
nspawn-settings.h nspawn: implement configurable syscall whitelisting/blacklisting 2017-09-12 14:06:21 +02:00
nspawn-setuid.c Use "return log_error_errno" in more places" 2016-07-22 21:25:09 -04:00
nspawn-setuid.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
nspawn-stub-pid1.c nspawn: make sure to send SIGTERM/SIGHUP to the main nspawn process if stubinit receives SIGRTMIN+3 (#6167) 2017-06-22 22:20:09 -04:00
nspawn-stub-pid1.h nspawn: flush out environment block of the -a stub init process 2016-12-14 18:29:30 +01:00
nspawn.c nspawn: set up a new session keyring for the container process 2017-09-22 15:28:04 +02:00
test-patch-uid.c nspawn: optionally fix up OS tree uid/gids for userns 2016-04-25 12:15:57 +02:00