Ninjatrappeur's systemd working tree
Ismo Puustinen 755d4b67a4 capabilities: added support for ambient capabilities.
This patch adds support for ambient capabilities in service files. The
idea with ambient capabilities is that the execed processes can run with
non-root user and get some inherited capabilities, without having any
need to add the capabilities to the executable file.

You need at least Linux 4.3 to use ambient capabilities. SecureBit
keep-caps is automatically added when you use ambient capabilities and
wish to change the user.

An example system service file might look like this:

[Unit]
Description=Service for testing caps

[Service]
ExecStart=/usr/bin/sleep 10000
User=nobody
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW

After starting the service it has these capabilities:

CapInh: 0000000000003000
CapPrm: 0000000000003000
CapEff: 0000000000003000
CapBnd: 0000003fffffffff
CapAmb: 0000000000003000
2016-01-12 12:14:50 +02:00
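
An added example (not part of the commit or of systemd) for checking the result described in the commit message: it decodes the Cap* masks from /proc/<pid>/status and compares them with the unit's AmbientCapabilities= list. The function names are hypothetical, and the sample input is constructed from the five mask lines quoted above.

```python
import re

# Capability names in bit order 0..37, as numbered in linux/capability.h.
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ""".split()

# Constructed sample: the mask lines from the commit message, in /proc status layout.
SAMPLE_STATUS = (
    "CapInh:\t0000000000003000\n"
    "CapPrm:\t0000000000003000\n"
    "CapEff:\t0000000000003000\n"
    "CapBnd:\t0000003fffffffff\n"
    "CapAmb:\t0000000000003000\n"
)

def parse_cap_sets(status_text):
    """Return {'Inh': int, 'Prm': int, ...} from /proc/<pid>/status text."""
    pattern = r"^Cap(\w{3}):\s*([0-9a-fA-F]+)$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}

def decode(mask):
    """Expand a bitmask into CAP_* names in bit order; unknown bits become CAP_<n>."""
    return ["CAP_" + CAP_NAMES[b] if b < len(CAP_NAMES) else "CAP_%d" % b
            for b in range(mask.bit_length()) if mask >> b & 1]

def audit(status_text, expected):
    """List deviations between a process's sets and the expected ambient list."""
    sets = parse_cap_sets(status_text)
    if "Amb" not in sets:
        return ["no CapAmb line (kernel without ambient capability support?)"]
    findings = []
    ambient = set(decode(sets["Amb"]))
    if ambient != set(expected):
        findings.append("ambient set differs: %s" % sorted(ambient ^ set(expected)))
    # The kernel only keeps a capability ambient while it is permitted and inheritable.
    if sets["Amb"] & ~(sets["Prm"] & sets["Inh"]):
        findings.append("ambient is not a subset of permitted and inheritable")
    extra = set(decode(sets["Eff"])) - set(expected)
    if extra:
        findings.append("unexpected effective capabilities: %s" % sorted(extra))
    return findings

if __name__ == "__main__":
    print(decode(parse_cap_sets(SAMPLE_STATUS)["Amb"]))
    print(audit(SAMPLE_STATUS, ["CAP_NET_ADMIN", "CAP_NET_RAW"]) or "matches unit file")
```

For a live service, pass the contents of /proc/<pid>/status for the service's main PID as status_text.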
catalog Add initial Hungarian message catalog translation 2016-01-02 23:17:27 +01:00
coccinelle coccinelle: additional errno.cocci hunk 2015-11-09 20:01:06 +01:00
docs docs: add .gitignore 2015-07-06 17:47:38 +02:00
factory/etc factory: remove broken pam_limits 2014-07-30 15:21:54 +02:00
hwdb keymap: remap microphone mute keycode for Lenovo Thinkcentre M800z 2016-01-06 04:02:32 +01:00
m4 build-sys: Check behavior of -Werror=shadow before deciding to use it 2015-09-22 09:54:33 -07:00
man doc typo, src: systemd/src/journal-remote/journal-gatewayd.c 2016-01-11 16:38:35 +01:00
network networkd: emit DNS/NTP/Timezone info via DHCP server by default 2015-08-27 16:47:26 +02:00
po Updated Ukrainian translation 2016-01-11 13:55:48 +02:00
rules rfkill: rework and make it listen on /dev/rfkill 2015-10-01 16:21:09 +02:00
shell-completion importd: drop dkr support 2015-12-10 16:54:41 +01:00
src capabilities: added support for ambient capabilities. 2016-01-12 12:14:50 +02:00
sysctl.d sysctl: use %P instead of %p in core pattern 2015-11-17 17:32:49 +01:00
system-preset preset: enable machines.target by default 2014-12-29 17:36:57 +01:00
sysusers.d build: fix systemd-journal-upload installation 2015-12-09 03:48:56 +00:00
test tests: add regression test for systemctl restart systemd-journald 2015-12-30 05:00:14 +00:00
tmpfiles.d tmpfiles: set acls on system.journal explicitly 2015-11-29 23:38:09 -05:00
tools man: include the target name when linking to man pages in html output 2015-11-22 23:54:29 -05:00
units kmod-static-nodes: don't run if module list is empty 2016-01-11 16:26:17 +01:00
xorg login: support user-bus on dbus1 2015-08-31 18:12:37 +02:00
.dir-locals.el editors: specify fill column 2016-01-11 19:39:59 +01:00
.editorconfig add editorconfig configuration 2015-11-23 12:32:59 +01:00
.gitattributes git: indicate that tabs are never OK in the systemd tree 2013-10-30 02:25:38 +01:00
.gitignore Merge pull request #2115 from dvdhrm/rbtree 2015-12-08 17:31:09 +01:00
.mailmap NEWS: add more stuff, and reorder things a bit 2015-11-13 13:59:50 +01:00
.travis.yml remove gudev and gtk-doc 2015-06-03 00:22:53 +02:00
.vimrc editors: specify fill column 2016-01-11 19:39:59 +01:00
.ycm_extra_conf.py ycm: update flag blacklist 2014-06-04 15:41:10 -04:00
autogen.sh terminal: drop unfinished code 2015-07-27 20:15:34 +02:00
CODING_STYLE CODING_STYLE: elaborate on usage of C99 fixed size integer types 2015-11-10 17:31:30 +01:00
configure.ac build-sys: refactor have_smack detection 2015-12-12 06:08:25 +00:00
DISTRO_PORTING build-sys: warn if people don't change the default NTP servers when building systemd 2015-07-11 14:24:29 -03:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile-man.am man: add documentation for dnssec-trust-anchors.d(5) 2016-01-05 14:20:27 +01:00
Makefile.am basic: split hash functions into their own header files 2016-01-11 19:39:59 +01:00
NEWS NEWS: add in missing NEWS entry for 228 feature RemainAfterElapse= 2015-11-18 17:04:04 +01:00
README README: Recommend kinvolk regarding engineering services 2015-12-10 11:57:08 +01:00
README.md README.md: add Coverity scan status badge 2015-06-08 13:26:54 +02:00
TODO Merge pull request #2096 from teg/resolved-cache 2015-12-10 20:48:42 +01:00

systemd - System and Service Manager

Details

  • General information about systemd can be found in the systemd Wiki
  • Information about build requirements is provided in the README file