Systemd/src
Lennart Poettering 74dd6b515f core: run each system service with a fresh session keyring
This patch ensures that each system service gets its own session kernel keyring
automatically, and implicitly. Without this a keyring is allocated for it
on-demand, but is then linked with the user's kernel keyring, which is OK
behaviour for logged in users, but not so much for system services.

With this change each service gets a session keyring that is specific to the
service and ceases to exist when the service is shut down. The session keyring
is not linked up with the user keyring and keys hence only search within the
session boundaries by default.

(This is useful in a later commit to store per-service material in the keyring,
for example the invocation ID)

(With input from David Howells)
2016-12-13 20:59:10 +01:00
ac-power
activate tree-wide: set SA_RESTART for signal handlers we install 2016-12-01 12:41:17 +01:00
analyze analyze: fix build without seccomp 2016-11-10 10:12:31 +01:00
ask-password
backlight tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
basic core: run each system service with a fresh session keyring 2016-12-13 20:59:10 +01:00
binfmt
boot Update boot.c (#4780) 2016-12-01 15:58:58 +01:00
cgls tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
cgroups-agent tree-wide: introduce new SOCKADDR_UN_LEN() macro, and use it everywhere 2016-05-05 22:24:36 +02:00
cgtop tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
core core: run each system service with a fresh session keyring 2016-12-13 20:59:10 +01:00
coredump coredump: bump type of arg_journal_size_max to uint64 too 2016-11-08 00:21:37 -05:00
cryptsetup minor code beautifications 2016-12-07 18:38:41 +01:00
dbus1-generator Ensure kdbus isn't used (#3501) 2016-06-18 17:24:23 -04:00
debug-generator tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
delta tree-wide: replace all readdir cycles with FOREACH_DIRENT{,_ALL} (#4853) 2016-12-09 10:04:30 +01:00
detect-virt detect-virt: add --private-users switch to check if a userns is active 2016-10-26 20:12:51 -04:00
dissect dissect: add DISSECT_IMAGE_DISCARD_ANY mask 2016-12-07 15:26:11 -05:00
escape tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
firstboot tree-wide: use sd_id128_is_null() instead of sd_id128_equal where appropriate 2016-07-22 12:38:08 +02:00
fsck tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically 2016-10-22 16:08:55 -04:00
fstab-generator fstab-generator: add x-systemd.mount-timeout (#4603) 2016-11-11 09:08:57 -05:00
getty-generator
gpt-auto-generator tree-wide: stop using canonicalize_file_name(), use chase_symlinks() instead 2016-12-01 00:25:51 +01:00
hibernate-resume tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
hostname networkd: allow networkd to set the timezone in timedated 2016-11-23 16:32:06 +01:00
hwdb hwdb: emit warning when matches are specified at the very end of file 2016-12-11 18:01:26 -05:00
import nspawn: add fallback to normal copy/reflink when we cannot btrfs snapshot 2016-11-22 13:35:09 +01:00
initctl Rename formats-util.h to format-util.h 2016-11-07 10:15:08 -05:00
journal journal: fix warning about LZ4_compress_limitedOutput 2016-12-10 13:52:49 -05:00
journal-remote python: adjust imports, indentation, unused variables following pylint advice 2016-12-01 18:55:23 -05:00
kernel-install kernel-install: use exit instead of return (#4565) 2016-11-04 08:58:41 -04:00
libsystemd sd-id128: id128_write overwrites target file 2016-12-13 13:03:14 +00:00
libsystemd-network network: fix const qualifier (#4849) 2016-12-07 16:42:17 -05:00
libudev libudev: set errno if udev_new() fails 2016-12-07 18:38:40 +01:00
locale tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
login tree-wide: replace all readdir cycles with FOREACH_DIRENT{,_ALL} (#4853) 2016-12-09 10:04:30 +01:00
machine nspawn/dissect: automatically discover dm-verity verity partitions 2016-12-07 18:38:41 +01:00
machine-id-setup machine-id-setup: --print --commit respects the --root option 2016-12-13 13:03:13 +00:00
modules-load tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically 2016-10-22 16:08:55 -04:00
mount tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
network Merge pull request #4859 from keszybz/networkd 2016-12-11 20:38:15 +01:00
notify Rename formats-util.h to format-util.h 2016-11-07 10:15:08 -05:00
nspawn nspawn: when getting SIGCHLD make sure it's from the first child (#4855) 2016-12-13 02:38:18 +01:00
nss-myhostname treewide: fix typos and remove accidental repetition of words 2016-07-11 16:18:43 +02:00
nss-mymachines nss-mymachines: avoid connecting to dbus from inside dbus-daemon 2016-08-19 00:52:00 +02:00
nss-resolve nss-resolve: be a bit more careful with returning NSS_STATUS_NOTFOUND 2016-10-24 19:04:43 +02:00
nss-systemd nss-systemd: remove useless define 2016-10-22 18:39:08 -04:00
path
quotacheck tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically 2016-10-22 16:08:55 -04:00
random-seed
rc-local-generator tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
remount-fs core: when determining whether a process exit status is clean, consider whether it is a command or a daemon 2016-10-10 22:57:01 +02:00
reply-password tree-wide: introduce new SOCKADDR_UN_LEN() macro, and use it everywhere 2016-05-05 22:24:36 +02:00
resolve core: introduce parse_ip_port (#4825) 2016-12-06 12:21:45 +01:00
rfkill tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
run Rename formats-util.h to format-util.h 2016-11-07 10:15:08 -05:00
shared Merge pull request #4864 from keszybz/build-sys 2016-12-11 20:12:32 +01:00
sleep
socket-proxy socket-proxyd: Introduced dynamic connection limit via an option. (#4749) 2016-11-28 18:25:11 +01:00
stdio-bridge
sysctl sysctl: minor simplification 2016-11-02 11:39:48 -06:00
system-update-generator
systemctl fs-util: add flags parameter to chase_symlinks() 2016-12-01 00:25:51 +01:00
systemd pid1,catalog: use a different MESSAGE_ID for user manager startup 2016-12-11 12:41:23 -05:00
sysusers Rename formats-util.h to format-util.h 2016-11-07 10:15:08 -05:00
sysv-generator tree-wide: drop NULL sentinel from strjoin 2016-10-23 11:43:27 -04:00
test Merge pull request #4835 from poettering/unit-name-printf 2016-12-10 01:29:52 -05:00
timedate Add enable_disable() helper 2016-07-31 22:48:22 -04:00
timesync timesyncd: clear ADJ_MAXERROR to keep STA_UNSYNC cleared after jump adjust (#4626) 2016-11-11 18:50:46 +01:00
tmpfiles tree-wide: replace all readdir cycles with FOREACH_DIRENT{,_ALL} (#4853) 2016-12-09 10:04:30 +01:00
tty-ask-password-agent core: when determining whether a process exit status is clean, consider whether it is a command or a daemon 2016-10-10 22:57:01 +02:00
udev tree-wide: replace all readdir cycles with FOREACH_DIRENT{,_ALL} (#4853) 2016-12-09 10:04:30 +01:00
update-done update-done: minor clean-ups 2016-10-24 17:29:51 +02:00
update-utmp Rename formats-util.h to format-util.h 2016-11-07 10:15:08 -05:00
user-sessions
vconsole Merge pull request #4448 from msoltyspl/vcfix 2016-10-26 20:55:18 -04:00
.gitignore
Makefile