picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
Systemd/src
History
Jay Faulkner 9a71b1122c nspawn: Map all seccomp filters to capabilities 
This change makes it so all seccomp filters are mapped
to the appropriate capability and are only added if that
capability was not requested when running the container.

This unbreaks the remaining use cases broken by the
addition of seccomp filters without respecting requested
capabilities.

Co-Authored-By: Clif Houck <me@clifhouck.com>

[zj: - adapt to our coding style, make struct anonymous]
2015-03-04 23:18:09 -05:00
..
ac-power treewide: no need to negate errno for log_*_errno() 2014-11-28 13:29:21 +01:00
activate remove unused includes 2015-02-23 23:53:42 +01:00
analyze remove unused includes 2015-02-23 23:53:42 +01:00
ask-password remove unused includes 2015-02-23 23:53:42 +01:00
backlight backlight: let udev properties override clamping 2015-02-02 17:18:40 +01:00
binfmt remove unused includes 2015-02-23 23:53:42 +01:00
boot boot: efi - ignore .conf snippets starting with "auto-" 2015-03-01 13:16:10 +01:00
bootchart Do not advertise .d snippets over main config file 2015-03-03 19:10:21 -05:00
bus-proxyd bus-proxyd: avoid logging oom twice 2015-03-03 10:19:51 -05:00
cgls remove unused includes 2015-02-23 23:53:42 +01:00
cgroups-agent treewide: no need to negate errno for log_*_errno() 2014-11-28 13:29:21 +01:00
cgtop treewide: no need to negate errno for log_*_errno() 2014-11-28 13:29:21 +01:00
compat-libs #pragma once here and there 2015-01-23 09:30:44 -05:00
console remove unused includes 2015-02-23 23:53:42 +01:00
core Allow up to 4096 simultaneous connections 2015-03-04 21:43:34 -05:00
cryptsetup remove unused includes 2015-02-23 23:53:42 +01:00
dbus1-generator util: rework strappenda(), and rename it strjoina() 2015-02-03 02:05:59 +01:00
debug-generator treewide: use log_*_errno whenever %m is in the format string 2014-11-28 19:49:27 +01:00
delta remove unused includes 2015-02-23 23:53:42 +01:00
detect-virt remove unused includes 2015-02-23 23:53:42 +01:00
efi-boot-generator remove unused includes 2015-02-23 23:53:42 +01:00
escape Unify parse_argv style 2014-08-03 21:46:07 -04:00
firstboot util: rework strappenda(), and rename it strjoina() 2015-02-03 02:05:59 +01:00
fsck fsck: remove unnecessary check 2015-03-03 10:19:19 -05:00
fsckd Translate fsckd messages for plymouth 2015-02-18 16:33:46 +01:00
fstab-generator remove unused includes 2015-02-23 23:53:42 +01:00
getty-generator util: rework strappenda(), and rename it strjoina() 2015-02-03 02:05:59 +01:00
gpt-auto-generator remove unused includes 2015-02-23 23:53:42 +01:00
gudev remove unused includes 2015-02-23 23:53:42 +01:00
hibernate-resume remove unused includes 2015-02-23 23:53:42 +01:00
hostname remove unused includes 2015-02-23 23:53:42 +01:00
hwdb remove unused includes 2015-02-23 23:53:42 +01:00
import importd: add new bus calls for importing local tar and raw images 2015-03-05 00:59:38 +01:00
initctl remove unused includes 2015-02-23 23:53:42 +01:00
journal Do not advertise .d snippets over main config file 2015-03-03 19:10:21 -05:00
journal-remote journal-remote: fix saving of binary fields 2015-03-02 10:40:01 -05:00
kernel-install kernel-install/90-loaderentry.install: fix cmdline parsing 2014-11-01 14:39:48 -04:00
libsystemd Remove the cap on epoll events 2015-03-04 21:43:17 -05:00
libsystemd-network sd-dhcp6-client: delay setting the DUID and don't fail constructor 2015-03-04 11:01:39 +01:00
libsystemd-terminal remove unused includes 2015-02-23 23:53:42 +01:00
libudev remove unused includes 2015-02-23 23:53:42 +01:00
locale remove unused includes 2015-02-23 23:53:42 +01:00
login Do not advertise .d snippets over main config file 2015-03-03 19:10:21 -05:00
machine importd: add new bus calls for importing local tar and raw images 2015-03-05 00:59:38 +01:00
machine-id-commit remove unused includes 2015-02-23 23:53:42 +01:00
machine-id-setup remove unused includes 2015-02-23 23:53:42 +01:00
modules-load remove unused includes 2015-02-23 23:53:42 +01:00
network networkd: Make DHCP client ID creation configurable 2015-03-04 11:01:39 +01:00
notify remove unused includes 2015-02-23 23:53:42 +01:00
nspawn nspawn: Map all seccomp filters to capabilities 2015-03-04 23:18:09 -05:00
nss-myhostname remove unused includes 2015-02-23 23:53:42 +01:00
nss-mymachines nss: remove dead code 2014-09-19 00:15:39 +02:00
nss-resolve remove unused includes 2015-02-23 23:53:42 +01:00
path remove unused includes 2015-02-23 23:53:42 +01:00
python-systemd python-systemd: avoid hitting assert in __exit__ 2014-10-14 08:35:16 -04:00
quotacheck remove unused includes 2015-02-23 23:53:42 +01:00
random-seed random-seed: avoid errors when we cannot write random-seed file 2015-01-17 11:55:14 +01:00
rc-local-generator treewide: use log_*_errno whenever %m is in the format string 2014-11-28 19:49:27 +01:00
remount-fs remove unused includes 2015-02-23 23:53:42 +01:00
reply-password remove unused includes 2015-02-23 23:53:42 +01:00
resolve Do not advertise .d snippets over main config file 2015-03-03 19:10:21 -05:00
resolve-host remove unused includes 2015-02-23 23:53:42 +01:00
rfkill rfkill: rework how we generate file names from rfkill devices 2014-12-03 02:04:55 +01:00
run nspawn: when connected to pipes for stdin/stdout, pass them as-is to PID 1 2015-02-18 23:36:20 +01:00
shared Use correct uname identifiers in arch_map for SuperH architecture 2015-03-04 19:32:11 -05:00
shutdownd remove unused includes 2015-02-23 23:53:42 +01:00
sleep remove unused includes 2015-02-23 23:53:42 +01:00
socket-proxy remove unused includes 2015-02-23 23:53:42 +01:00
sysctl sysctl: downgrade message about sysctl overrides to debug 2015-02-26 19:06:45 -05:00
system-update-generator remove unused includes 2015-02-23 23:53:42 +01:00
systemctl core: expose consumed CPU time per unit 2015-03-02 12:15:25 +01:00
systemd networkd: add support for Uplink Failure Detection 2015-02-27 13:58:30 -05:00
sysusers remove unused includes 2015-02-23 23:53:42 +01:00
sysv-generator remove unused includes 2015-02-23 23:53:42 +01:00
test test-hashmap: fix gcc5 warning 2015-02-24 16:26:30 +01:00
timedate timedated: when performing "SetTime" compensate for program lag 2015-02-26 11:53:33 +01:00
timesync Do not advertise .d snippets over main config file 2015-03-03 19:10:21 -05:00
tmpfiles tmpfiles: quietly ignore ACLs on unsupported filesystems 2015-03-03 10:17:17 -05:00
tty-ask-password-agent include <poll.h> instead of <sys/poll.h> 2015-02-12 20:47:38 +01:00
udev build-sys: generate CLEANFILES from EXTRA_DIST 2015-03-04 22:47:19 -05:00
update-done remove unused includes 2015-02-23 23:53:42 +01:00
update-utmp remove unused includes 2015-02-23 23:53:42 +01:00
user-sessions user-sessions: move into own subdir and build independently of logind 2015-02-27 17:28:03 -05:00
vconsole remove unused includes 2015-02-23 23:53:42 +01:00
.gitignore
Makefile