Lennart Poettering
5076f0ccfd
nspawn: introduce new --capabilities= flag and make use of it in the nspawn test case
2012-06-28 14:05:16 +02:00
Kay Sievers
d2e54fae5c
mkdir: append _label to all mkdir() calls that explicitly set the selinux context
2012-05-31 12:40:20 +02:00
Lennart Poettering
ec8927ca59
main: add configuration option to alter capability bounding set for PID 1
...
This also ensures that caps dropped from the bounding set are also
dropped from the inheritable set, to be extra-secure. Usually that should
change very little though as the inheritable set is empty for all our uses
anyway.
2012-05-24 04:00:56 +02:00
Kay Sievers
9eb977db5b
util: split-out path-util.[ch]
2012-05-08 02:33:10 +02:00
Lennart Poettering
bc2f673ec2
nspawn: add --read-only switch
2012-04-25 15:11:20 +02:00
Lennart Poettering
2547bb414c
nspawn: bind mount /etc/resolv.conf from the host by default
2012-04-25 15:08:00 +02:00
Lennart Poettering
144f0fc0c8
nspawn: add --uuid= switch to allow setting the machine id for the container
2012-04-22 14:48:21 +02:00
Lennart Poettering
0f0dbc46cc
nspawn: add -b switch to automatically look for an init binary
2012-04-22 14:11:32 +02:00
Lennart Poettering
3a74cea5e4
nspawn: be more careful when initializing the hostname from the directory name
2012-04-22 01:01:22 +02:00
Lennart Poettering
f1e5dfe2c0
nspawn: make /dev/kmsg unavailable in the container, but allow access to /proc/kmsg
2012-04-22 00:32:53 +02:00
Kay Sievers
4d46fec56d
remove MS_* which can not be combined with current kernel code
...
MS_BIND|MS_MOVE can not be combined:
do_mount()
else if (flags & MS_BIND)
do_loopback(&path, dev_name, flags & MS_REC);
[...]
else if (flags & MS_MOVE)
do_move_mount(&path, dev_name);
MS_REMOUNT|MS_UNBINDABLE can not be combined:
do_mount()
if (flags & MS_REMOUNT)
do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page);
[...]
else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
do_change_type(&path, flags);
2012-04-18 13:37:45 +02:00
Lennart Poettering
b562f5a57d
build-sys: add stub makefiles to all subdirs to ease development with emacs
2012-04-13 21:37:59 +02:00
Lennart Poettering
9537eab070
nspawn: add missing include lines
2012-04-13 21:37:59 +02:00
Lennart Poettering
e58a12770c
nspawn: fake /dev/kmsg and /proc/kmsg as fifo
2012-04-13 18:52:52 +02:00
Kay Sievers
dce818b390
move all tools to subdirs
2012-04-12 17:54:42 +02:00