Ninjatrappeur's systemd working tree
Lennart Poettering d251207d55 core: add new PrivateUsers= option to service execution
This setting adds minimal user namespacing support to a service. When set, the invoked
processes will run in their own user namespace. Only a trivial mapping will be
set up: the root user/group is mapped to root, and the user/group of the
service will be mapped to itself; everything else is mapped to nobody.

If this setting is used, the service runs with no capabilities on the host, but
configurable capabilities within the service.

This setting is particularly useful in conjunction with RootDirectory= as the
need to synchronize /etc/passwd and /etc/group between the host and the service
OS tree is reduced, as only three UID/GIDs need to match: root, nobody and the
user of the service itself. But even outside the RootDirectory= case this
setting is useful to substantially reduce the attack surface of a service.

Example command to test this:

        systemd-run -p PrivateUsers=1 -p User=foobar -t /bin/sh

This runs a shell as user "foobar". When typing "ps" only processes owned by
"root", by "foobar", and by "nobody" should be visible.
2016-08-03 20:42:04 +02:00
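The mapping the commit message describes, checked from inside the unit. This is an added example, not code from the systemd tree: it assumes /proc/self/uid_map lists the mapping as identity ranges of length 1 for root and the service user and maps nothing else, so every other ID is presented by the kernel as the overflow ID (the "nobody" the message refers to); the sample maps and the `--self` switch are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the systemd tree: verifies that the calling
# process sees the trivial UID mapping PrivateUsers= sets up (root -> root,
# service user -> itself, nothing else mapped; an unmapped ID is shown by
# the kernel as the overflow ID, i.e. "nobody").
set -eu

# check_uid_map MAP SERVICE_UID
# MAP is the text of /proc/self/uid_map ("inside outside count" per line).
# Succeeds only when MAP is exactly {0 -> 0, SERVICE_UID -> SERVICE_UID},
# each expressed as an identity range of length 1 (assumed format).
check_uid_map() {
    printf '%s\n' "$1" | awk -v svc="$2" '
        NF == 0 { next }                              # blank line
        NF != 3 || $3 != 1 || $1 != $2 { bad = 1 }    # not a 1:1 identity range
        $1 == 0   { root = 1; next }
        $1 == svc { user = 1; next }
        { bad = 1 }                                   # some other ID is mapped
        END {
            if (svc == 0) user = root                 # a root service needs one line
            exit !(root && user && !bad)
        }'
}

# self_check: run inside the unit (for instance the systemd-run shell from
# the commit message) to inspect the current namespace; fails if the mapping
# is wider than the PrivateUsers= model, e.g. the host namespace.
self_check() {
    map=$(cat /proc/self/uid_map)
    uid=$(id -u)
    if check_uid_map "$map" "$uid"; then
        echo "uid_map matches the PrivateUsers= model for uid $uid"
    else
        echo "uid_map does not match the PrivateUsers= model:" >&2
        printf '%s\n' "$map" >&2
        return 1
    fi
}

# Constructed sample of uid_map for User=foobar with uid 1000 under PrivateUsers=.
SAMPLE_PRIVATE_MAP='         0          0          1
      1000       1000          1'
# Constructed sample of the initial (host) namespace: the whole ID range is mapped.
SAMPLE_HOST_MAP='         0          0 4294967295'

# Only inspect the live namespace when explicitly asked: sh check.sh --self
case "${1:-}" in --self) self_check ;; esac
```

Run it as `systemd-run -p PrivateUsers=1 -p User=foobar -t /bin/sh check.sh --self`; the same file run on the host reports the full-range map and exits 1.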
.github documentation: add a short document describing how to test your systemd build tree (#3763) 2016-07-20 22:15:54 -04:00
catalog catalog: make support URL to show in shipped catalog entries configurable (#3597) 2016-06-26 17:43:37 +02:00
coccinelle tree-wide: htonl() is weird, let's use htobe32() instead (#3538) 2016-06-15 01:26:01 +02:00
docs docs: add .gitignore 2015-07-06 17:47:38 +02:00
factory/etc factory: remove broken pam_limits 2014-07-30 15:21:54 +02:00
hwdb hwdb: compress the various Lenovo *40, *50 and *60 series (#3877) 2016-08-03 13:12:37 +02:00
m4 build-sys: Perform flag tests in context to existing flags 2016-02-06 14:57:46 +01:00
man core: add new PrivateUsers= option to service execution 2016-08-03 20:42:04 +02:00
network network: allow LLDP packets to cross non-customer bridges for container network interfaces 2016-05-09 15:45:31 +02:00
po PO: italian updates (#3761) 2016-07-20 13:02:28 +02:00
rules rules: make sure always set at least one property on rfkill devices 2016-07-20 09:17:57 +02:00
shell-completion doc,core: Read{Write,Only}Paths= and InaccessiblePaths= 2016-07-19 17:22:02 +02:00
src core: add new PrivateUsers= option to service execution 2016-08-03 20:42:04 +02:00
sysctl.d treewide: fix typos and remove accidental repetition of words 2016-07-11 16:18:43 +02:00
system-preset preset: enable machines.target by default 2014-12-29 17:36:57 +01:00
sysusers.d remove bus-proxyd 2016-02-12 19:10:01 +01:00
test test: fix test-execute personality tests on ppc64 and aarch64 (#3825) 2016-08-02 16:22:56 +02:00
tmpfiles.d treewide: fix typos and remove accidental repetition of words 2016-07-11 16:18:43 +02:00
tools Remove systemd-bootchart 2016-02-23 13:30:09 +01:00
units units: add graphical-session-pre.target user unit (#3848) 2016-08-02 08:56:45 -04:00
xorg login: support user-bus on dbus1 2015-08-31 18:12:37 +02:00
.dir-locals.el editors: only extend line width to 119 for C and XML files 2016-02-10 12:29:32 +01:00
.editorconfig editors: only extend line width to 119 for C and XML files 2016-02-10 12:29:32 +01:00
.gitattributes git: indicate that tabs are never OK in the systemd tree 2013-10-30 02:25:38 +01:00
.gitignore keymap-util: add tests and fix one small bug 2016-06-06 09:22:33 -04:00
.mailmap NEWS: update mailmap to bring NEWS and "make git-contrib" in line 2016-07-25 15:03:46 +02:00
.travis.yml remove gudev and gtk-doc 2015-06-03 00:22:53 +02:00
.vimrc vimrc: fix indentation logic for our docbook xml files 2016-04-29 12:23:34 +02:00
.ycm_extra_conf.py ycm: update flag blacklist 2014-06-04 15:41:10 -04:00
CODING_STYLE CODING_STYLE fixes (#3804) 2016-07-25 22:34:42 +03:00
DISTRO_PORTING build-sys: warn if people don't change the default NTP servers when building systemd 2015-07-11 14:24:29 -03:00
HACKING documentation: add a short document describing how to test your systemd build tree (#3763) 2016-07-20 22:15:54 -04:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile-man.am nss: add new "nss-systemd" NSS module for mapping dynamic users 2016-07-22 15:53:45 +02:00
Makefile.am test: fix test-execute personality tests on ppc64 and aarch64 (#3825) 2016-08-02 16:22:56 +02:00
NEWS journald: deprecate SplitMode=login (#3805) 2016-07-26 08:19:33 +02:00
README nss: add new "nss-systemd" NSS module for mapping dynamic users 2016-07-22 15:53:45 +02:00
README.md documentation: add a short document describing how to test your systemd build tree (#3763) 2016-07-20 22:15:54 -04:00
TODO update TODO 2016-07-22 15:53:45 +02:00
autogen.sh Ensure kdbus isn't used (#3501) 2016-06-18 17:24:23 -04:00
configure.ac build-sys: conditionally disable LTO if requested (#3823) 2016-07-28 23:42:45 -04:00
mkosi.build mkosi: make sure we fail on error 2016-07-19 12:30:34 +02:00
mkosi.default build-sys: add mkosi hookup (#3731) 2016-07-15 20:00:44 -04:00

README.md

systemd - System and Service Manager


Details

General information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the HACKING file for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.