Systemd/src/core
Lennart Poettering bbb4e7f39f core: hide /run/credentials whenever namespacing is requested
Ideally we would like to hide all other services' credentials for all
services. That would imply for us to enable mount namespacing for all
services, which is something we cannot do, both due to compatibility
with the status quo ante, and because a number of services legitimately
should be able to install mounts in the host hierarchy.

Hence we do the second best thing: we hide the credentials automatically
for all services that opt into mount namespacing otherwise. This is
quite different from other mount sandboxing options: usually you have to
explicitly opt into each. However, given that the credentials logic is a
brand new concept we invented right here and now, and particularly
security sensitive, it's OK to reverse this, and by default hide
credentials whenever we can (i.e. whenever mount namespacing is
otherwise opted in to).

Long story short: if you want to hide other services' credentials, the
most basic option is to just turn on PrivateMounts= and there you go,
they should all be gone.
2020-08-25 19:45:38 +02:00
all-units.h core: add spdx header to all-units.h 2019-07-24 05:06:21 +09:00
apparmor-setup.c AppArmor: Support for loading a set of pre-compiled profiles at startup time 2020-06-09 20:27:47 +02:00
apparmor-setup.h AppArmor: Support for loading a set of pre-compiled profiles at startup time 2020-06-09 20:27:47 +02:00
audit-fd.c tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
audit-fd.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
automount.c tree-wide: make use of new relative time events in sd-event.h 2020-07-28 11:24:55 +02:00
automount.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
bpf-devices.c tree-wide: avoid some loaded terms 2020-06-25 09:00:19 +02:00
bpf-devices.h tree-wide: avoid some loaded terms 2020-06-25 09:00:19 +02:00
bpf-firewall.c tree: wide "the the" and other trivial grammar fixes 2020-07-02 09:51:38 +02:00
bpf-firewall.h bpf-firewall: custom BPF programs through IP(Ingress|Egress)FilterPath= 2019-06-25 09:56:16 +02:00
cgroup.c cgroup: Cleanup function usage 2020-08-19 11:41:53 +02:00
cgroup.h cgroup: Cleanup function usage 2020-08-19 11:41:53 +02:00
core-varlink.c core,home,machined: generate description fields for all groups we synthesize 2020-08-07 08:39:52 +02:00
core-varlink.h core: add user/group resolution varlink interface to PID 1 2020-01-15 15:28:55 +01:00
dbus-automount.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-automount.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-cgroup.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-cgroup.h core: make TasksMax a partially dynamic property 2019-11-14 18:41:54 +01:00
dbus-device.c tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-device.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-execute.c core: add credentials logic 2020-08-25 19:45:35 +02:00
dbus-execute.h core: add ExecStartXYZEx= with dbus support for executable prefixes 2019-05-30 20:41:42 -07:00
dbus-job.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-job.h shared: split out BusObjectImplementor APIs 2020-06-30 15:08:35 +02:00
dbus-kill.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-kill.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-manager.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-manager.h core: implement generic log control API in PID1 too 2020-04-21 17:08:23 +02:00
dbus-mount.c cgroup: Implicit unit_invalidate_cgroup_members_masks 2020-08-19 11:41:53 +02:00
dbus-mount.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-path.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-path.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-scope.c cgroup: Implicit unit_invalidate_cgroup_members_masks 2020-08-19 11:41:53 +02:00
dbus-scope.h pid1: add a new AbandonScope() method call on the Manager object 2018-11-09 17:08:59 +01:00
dbus-service.c cgroup: Implicit unit_invalidate_cgroup_members_masks 2020-08-19 11:41:53 +02:00
dbus-service.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-slice.c cgroup: Implicit unit_invalidate_cgroup_members_masks 2020-08-19 11:41:53 +02:00
dbus-slice.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-socket.c cgroup: Implicit unit_invalidate_cgroup_members_masks 2020-08-19 11:41:53 +02:00
dbus-socket.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-swap.c cgroup: Implicit unit_invalidate_cgroup_members_masks 2020-08-19 11:41:53 +02:00
dbus-swap.h tree-wide: beautify remaining copyright statements 2018-06-14 10:20:21 +02:00
dbus-target.c tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-target.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-timer.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-timer.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
dbus-unit.c core: remove support for ConditionNull= 2020-08-20 14:01:25 +02:00
dbus-unit.h pid1: convert to the new scheme 2020-05-05 22:40:37 +02:00
dbus-util.c user-util: rework how we validate user names 2020-04-08 17:11:20 +02:00
dbus-util.h user-util: rework how we validate user names 2020-04-08 17:11:20 +02:00
dbus.c pid1: add --bus-introspect 2020-05-05 22:40:44 +02:00
dbus.h pid1: add --bus-introspect 2020-05-05 22:40:44 +02:00
device.c Merge pull request #15265 from fbuihuu/mount-fixes 2020-05-15 11:13:45 +02:00
device.h device: clean up DeviceFound flags set 2018-10-09 21:11:22 +02:00
dynamic-user.c user-util: rework how we validate user names 2020-04-08 17:11:20 +02:00
dynamic-user.h tree-wide: reorder various structures to make them smaller and use fewer cache lines 2019-03-27 18:11:11 +01:00
efi-random.c random-util: add common helper random_write_entropy() for crediting entropy to the kernel's pool 2020-06-24 15:33:27 +02:00
efi-random.h core: take random seed from boot loader and credit it to kernel entropy pool 2019-07-25 18:16:46 +02:00
emergency-action.c feature to honor first shutdown request to completion 2020-06-24 09:42:01 +02:00
emergency-action.h core: change emergency_action() to return void 2019-03-18 16:06:36 +01:00
execute.c core: hide /run/credentials whenever namespacing is requested 2020-08-25 19:45:38 +02:00
execute.h core: add credentials logic 2020-08-25 19:45:35 +02:00
generator-setup.c Split out generator directory setup to a src/core/generator-setup.c 2020-03-27 20:12:44 +01:00
generator-setup.h Split out generator directory setup to a src/core/generator-setup.c 2020-03-27 20:12:44 +01:00
hostname-setup.c core: allow overriding the system hostname with systemd.hostname= on the kernel command line 2020-05-18 20:20:50 +02:00
hostname-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
ima-setup.c headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
ima-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
ip-address-access.c bpf-firewall: optimization for IPAddressXYZ="any" (and unprivileged users) 2019-06-22 19:56:06 +02:00
ip-address-access.h bpf-firewall: optimization for IPAddressXYZ="any" (and unprivileged users) 2019-06-22 19:56:06 +02:00
job.c core/job: adjust whitespace and comment 2020-07-22 17:58:12 +02:00
job.h Revert "job: Don't mark as redundant if deps are relevant" 2020-06-23 11:42:45 +02:00
kill.c core: add support for RestartKillSignal= to override signal used for restart jobs 2019-10-02 14:01:25 +02:00
kill.h core: add support for RestartKillSignal= to override signal used for restart jobs 2019-10-02 14:01:25 +02:00
killall.c killall: update reference to root storage daemon interface docs 2020-01-13 18:53:46 +01:00
killall.h core/killall: Propagate errors and return the number of process left 2019-04-08 19:41:16 +02:00
kmod-setup.c tree-wide: drop libkmod.h when module-util.h is included 2019-11-04 00:30:32 +09:00
kmod-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
load-dropin.c Merge pull request #15940 from keszybz/names-set-optimization 2020-06-10 18:52:08 +02:00
load-dropin.h core: store unit aliases in a separate set 2020-06-10 09:36:58 +02:00
load-fragment-gperf-nulstr.awk
load-fragment-gperf.gperf.m4 core: add credentials logic 2020-08-25 19:45:35 +02:00
load-fragment.c core: add credentials logic 2020-08-25 19:45:35 +02:00
load-fragment.h core: add credentials logic 2020-08-25 19:45:35 +02:00
locale-setup.c tree-wide: drop string.h when string-util.h or friends are included 2019-11-04 00:30:32 +09:00
locale-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
loopback-setup.c tree-wide: drop missing.h 2019-10-31 17:57:03 +09:00
loopback-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
machine-id-setup.c machine-id-setup: don't use KVM or container manager supplied uuid if in chroot env 2020-08-19 18:23:11 +02:00
machine-id-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
macros.systemd.in rpm: include macro name in errors for two args macros too 2020-07-14 19:22:42 +02:00
main.c core: create per-user inaccessible node from the service manager 2020-08-20 10:18:02 +02:00
manager.c core: add credentials logic 2020-08-25 19:45:35 +02:00
manager.h core: add credentials logic 2020-08-25 19:45:35 +02:00
meson.build core: add credentials logic 2020-08-25 19:45:35 +02:00
mount-setup.c core: hide /run/credentials whenever namespacing is requested 2020-08-25 19:45:38 +02:00
mount-setup.h mount-setup: change the system mount propagation to shared by default only at bootup 2020-04-09 10:14:20 +02:00
mount.c core: add credentials logic 2020-08-25 19:45:35 +02:00
mount.h mount: add ReadWriteOnly property to fail on read-only mounts 2020-05-01 13:23:30 +02:00
namespace.c core: hide /run/credentials whenever namespacing is requested 2020-08-25 19:45:38 +02:00
namespace.h core: hide /run/credentials whenever namespacing is requested 2020-08-25 19:45:38 +02:00
org.freedesktop.systemd1.conf pid1: add a new SetShowStatus() bus call to override/restore show status mode 2020-06-11 12:00:32 +02:00
org.freedesktop.systemd1.policy.in core: systemd1.manage-unit-files policy implies systemd1.manage-units 2018-05-18 00:02:58 +09:00
org.freedesktop.systemd1.service Revert "Drop dbus activation stub service" 2019-12-20 17:28:12 +01:00
path.c Merge pull request #15697 from OhNoMoreGit/fix-path-units 2020-06-25 18:23:47 +02:00
path.h core/path: recheck path specs when triggered unit changes state 2020-05-05 13:56:02 +10:00
scope.c pid1: convert to the new scheme 2020-05-05 22:40:37 +02:00
scope.h scope: Support RuntimeMaxSec= directive in scope units 2019-10-28 09:44:31 +01:00
selinux-access.c Revert "selinux: cache enforced status and treat retrieve failure as enforced mode" 2020-07-16 08:49:35 +02:00
selinux-access.h selinux: do preprocessor check only in selinux-access.c 2020-04-29 13:56:40 +02:00
selinux-setup.c selinux: improve comment about getcon_raw semantics 2020-08-05 20:20:45 +02:00
selinux-setup.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
service.c core: add credentials logic 2020-08-25 19:45:35 +02:00
service.h core: let user define start-/stop-timeout behaviour 2020-06-09 10:04:57 +02:00
show-status.c pid1: add new mode systemd.show-status=error and use it when 'quiet' is passed 2020-03-01 11:48:23 +01:00
show-status.h pid1: add new mode systemd.show-status=error and use it when 'quiet' is passed 2020-03-01 11:48:23 +01:00
slice.c core: fix the return value in order to make sure we don't dipatch method return too early 2020-06-05 16:10:40 +02:00
slice.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
smack-setup.c tree-wide: drop dirent.h when dirent-util.h is included 2019-11-04 00:30:32 +09:00
smack-setup.h tree-wide: use proper unicode © instead of (C) where we can 2018-06-14 10:20:20 +02:00
socket.c core: add credentials logic 2020-08-25 19:45:35 +02:00
socket.h Merge pull request #15940 from keszybz/names-set-optimization 2020-06-10 18:52:08 +02:00
swap.c core: add credentials logic 2020-08-25 19:45:35 +02:00
swap.h core: swap priority can be negative 2019-12-04 08:57:08 +01:00
system.conf.in log: add support for prefixing console log messages with current timestamp 2020-02-10 07:01:30 -05:00
systemd.pc.in path: use ROOTPREFIX properly 2020-05-28 23:52:34 +02:00
target.c pid1: target units can fail through dependencies 2020-07-22 17:58:12 +02:00
target.h tree-wide: remove Lennart's copyright lines 2018-06-14 10:20:20 +02:00
timer.c core: don't acquire dual timestamp needlessly if we don't need it in .timer handling 2020-07-21 17:33:47 +02:00
timer.h core: optionally, trigger .timer units on timezone and clock changes 2019-04-02 08:20:10 +02:00
transaction.c core: reset bus error before reuse 2020-08-03 17:54:32 +02:00
transaction.h core: Add triggering job mode 2019-11-05 11:17:38 -08:00
triggers.systemd.in Drop my copyright headers 2018-06-14 13:03:20 +02:00
unit-printf.c Add %l as specifier for the hostname without any domain component 2020-05-07 17:36:44 +02:00
unit-printf.h core: mark unit_*_printf() functions as taking a const Unit* 2019-10-16 16:21:56 +02:00
unit.c core: add credentials logic 2020-08-25 19:45:35 +02:00
unit.h core: add credentials logic 2020-08-25 19:45:35 +02:00
user.conf.in log: add support for prefixing console log messages with current timestamp 2020-02-10 07:01:30 -05:00