1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00
Commit Graph

117 Commits

Author SHA1 Message Date
Lennart Poettering
d6797c920e namespace: beef up read-only bind mount logic
Instead of blindly creating another bind mount for read-only mounts,
check if there's already one we can use, and if so, use it. Also,
recursively mark all submounts read-only too. Also, ignore autofs mounts
when remounting read-only unless they are already triggered.
2014-06-06 14:37:40 +02:00
Lennart Poettering
5331194c12 core: don't include /boot in effect of ProtectSystem=
This would otherwise unconditionally trigger any /boot autofs mount,
which we probably should avoid.

ProtectSystem= will now only cover /usr and (optionally) /etc, both of
which cannot be autofs anyway.

ProtectHome will continue to cover /run/user and /home. The former
cannot be autofs either. /home could be, however is frequently enough
used (unlikey /boot) so that it isn't too problematic to simply trigger
it unconditionally via ProtectHome=.
2014-06-05 10:03:26 +02:00
Lennart Poettering
1b8689f949 core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.

With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data.
2014-06-04 18:12:55 +02:00
Lennart Poettering
417116f234 core: add new ReadOnlySystem= and ProtectedHome= settings for service units
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for
a service.

ProtectedHome= uses fs namespaces to mount /home and /run/user
inaccessible or read-only for a service.

This patch also enables these settings for all our long-running services.

Together they should be good building block for a minimal service
sandbox, removing the ability for services to modify the operating
system or access the user's private data.
2014-06-03 23:57:51 +02:00
Nis Martensen
f1721625e7 fix spelling of privilege 2014-05-19 00:40:44 +09:00
Jan Engelhardt
b8bde11658 doc: comma placement corrections and word order
Set commas where there should be some.
Some improvements to word order.
2014-05-07 20:13:27 -04:00
Jan Engelhardt
dca348bcbb doc: corrections to words and forms
This patch exchange words which are inappropriate for a situation,
deletes duplicated words, and adds particles where needed.
2014-05-07 20:13:26 -04:00
Jan Engelhardt
70a44afee3 doc: typographical fine tuning 2014-05-06 23:05:39 +02:00
Lennart Poettering
905826156d man: be more specific when EnvironmentFile= is read
http://lists.freedesktop.org/archives/systemd-devel/2014-March/018004.html
2014-03-25 00:26:09 +01:00
Lennart Poettering
7f8aa67131 core: remove tcpwrap support
tcpwrap is legacy code, that is barely maintained upstream. It's APIs
are awful, and the feature set it exposes (such as DNS and IDENT
access control) questionnable. We should not support this natively in
systemd.

Hence, let's remove the code. If people want to continue making use of
this, they can do so by plugging in "tcpd" for the processes they start.
With that scheme things are as well or badly supported as they were from
traditional inetd, hence no functionality is really lost.
2014-03-24 20:07:42 +01:00
Lennart Poettering
c2c13f2df4 unit: turn off mount propagation for udevd
Keep mounts done by udev rules private to udevd. Also, document how
MountFlags= may be used for this.
2014-03-20 04:16:39 +01:00
Lennart Poettering
907afa0682 man: improve documentation of fs namespace related settings 2014-03-19 22:26:08 +01:00
Lennart Poettering
f1660f96f5 core: drop CAP_MKNOD when PrivateDevices= is set 2014-03-18 17:58:19 +01:00
Lennart Poettering
e66cf1a3f9 core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings
As discussed on the ML these are useful to manage runtime directories
below /run for services.
2014-03-03 17:55:32 +01:00
Lennart Poettering
f513e420c8 exec: imply NoNewPriviliges= only when seccomp filters are used in user mode 2014-02-26 02:28:52 +01:00
Lennart Poettering
4298d0b512 core: add new RestrictAddressFamilies= switch
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.

This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.
2014-02-26 02:19:28 +01:00
Michael Scherer
eef65bf3ee core: Add AppArmor profile switching
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
2014-02-21 03:44:20 +01:00
Lennart Poettering
b67f562c9c man: document $MAINPID 2014-02-19 03:27:03 +01:00
Lennart Poettering
ac45f971a1 core: add Personality= option for units to set the personality for spawned processes 2014-02-19 03:27:03 +01:00
Lennart Poettering
e9642be2cc seccomp: add helper call to add all secondary archs to a seccomp filter
And make use of it where appropriate for executing services and for
nspawn.
2014-02-18 22:14:00 +01:00
Jan Engelhardt
66f756d437 doc: resolve missing/extraneous words or inappropriate forms
Issues fixed:
* missing words required by grammar
* duplicated or extraneous words
* inappropriate forms (e.g. singular/plural), and declinations
* orthographic misspellings
2014-02-17 19:03:07 -05:00
Jan Engelhardt
73e231abde doc: update punctuation
Resolve spotted issues related to missing or extraneous commas, dashes.
2014-02-17 19:03:07 -05:00
Zbigniew Jędrzejewski-Szmek
6db2742802 man: replace STDOUT with standard output, etc.
Actually 'STDOUT' is something that doesn't appear anywhere: in the
stdlib we have 'stdin', and there's only the constant STDOUT_FILENO,
so there's no reason to use capitals. When refering to code,
STDOUT/STDOUT/STDERR are replaced with stdin/stdout/stderr, and in
other places they are replaced with normal phrases like standard
output, etc.
2014-02-14 22:03:40 -05:00
Jason St. John
bcddd5bf80 man: fix grammatical errors and other formatting issues
* standardize capitalization of STDIN, STDOUT, and STDERR
* reword some sentences for clarity
* reflow some very long lines to be shorter than ~80 characters
* add some missing <literal>, <constant>, <varname>, <option>, and <filename> tags
2014-02-14 22:03:40 -05:00
Lennart Poettering
57183d117a core: add SystemCallArchitectures= unit setting to allow disabling of non-native
architecture support for system calls

Also, turn system call filter bus properties into complex types instead
of concatenated strings.
2014-02-13 00:24:00 +01:00
Lennart Poettering
17df7223be core: rework syscall filter
- Allow configuration of an errno error to return from blacklisted
  syscalls, instead of immediately terminating a process.

- Fix parsing logic when libseccomp support is turned off

- Only keep the actual syscall set in the ExecContext, and generate the
  string version only on demand.
2014-02-12 18:30:36 +01:00
Ronny Chevalier
c0467cf387 syscallfilter: port to libseccomp 2014-02-12 18:30:36 +01:00
Lennart Poettering
82adf6af7c nspawn,man: use a common vocabulary when referring to selinux security contexts
Let's always call the security labels the same way:

  SMACK: "Smack Label"
  SELINUX: "SELinux Security Context"

And the low-level encapsulation is called "seclabel". Now let's hope we
stick to this vocabulary in future, too, and don't mix "label"s and
"security contexts" and so on wildly.
2014-02-10 13:18:16 +01:00
Michael Scherer
0d3f7bb3a5 exec: Add support for ignoring errors on SELinuxContext by prefixing it with -, like for others settings.
Also remove call to security_check_context, as this doesn't serve anything, since
setexeccon will fail anyway.
2014-02-10 13:18:16 +01:00
Michael Scherer
7b52a628f8 exec: Add SELinuxContext configuration item
This permit to let system administrators decide of the domain of a service.
This can be used with templated units to have each service in a différent
domain ( for example, a per customer database, using MLS or anything ),
or can be used to force a non selinux enabled system (jvm, erlang, etc)
to start in a different domain for each service.
2014-02-10 13:18:16 +01:00
Lennart Poettering
7f112f50fe exec: introduce PrivateDevices= switch to provide services with a private /dev
Similar to PrivateNetwork=, PrivateTmp= introduce PrivateDevices= that
sets up a private /dev with only the API pseudo-devices like /dev/null,
/dev/zero, /dev/random, but not any physical devices in them.
2014-01-20 21:28:37 +01:00
Zbigniew Jędrzejewski-Szmek
c5b37953b7 man: mention which variables will be expanded in ExecStart 2014-01-09 22:23:42 -05:00
Jan Engelhardt
e0e009c067 man: grammar and wording improvements
This is a recurring submission and includes corrections to:
- missing words, preposition choice.
- change of /lib to /usr/lib, because that is what most distros are
  using as the system-wide location for systemd/udev files.
2013-12-25 22:53:46 -05:00
Jan Engelhardt
b040723ea4 man: improvements to comma placement
This is a recurring submission and includes corrections to:
comma placement.
2013-12-25 22:53:46 -05:00
Lennart Poettering
613b411c94 service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces 2013-11-27 20:28:48 +01:00
Jan Engelhardt
72f4d9669c man: wording and grammar updates
This is a recurring submission and includes corrections to various
issue spotted. I guess I can just skip over reporting ubiquitous comma
placement fixes…
2013-10-15 08:19:49 -04:00
Zbigniew Jędrzejewski-Szmek
59fccd8211 execute.c: always set $SHELL
In e6dca81 $SHELL was added to user@.service. Let's
instead provide it to all units which have a user.
2013-10-02 22:23:56 +02:00
Lennart Poettering
3fde5f30bd man: drop references to "cgroup" wher appropriate
Since cgroups are mostly now an implementation detail of systemd lets
deemphasize it a bit in the man pages. This renames systemd.cgroup(5) to
systemd.resource-control(5) and uses the term "resource control" rather
than "cgroup" where appropriate.

This leaves the word "cgroup" in at a couple of places though, like for
example systemd-cgtop and systemd-cgls where cgroup stuff is at the core
of what is happening.
2013-09-27 00:05:07 +02:00
Zbigniew Jędrzejewski-Szmek
43638332c4 man: add a list of environment variables 2013-09-17 10:26:30 -05:00
Jan Engelhardt
7964042405 man: wording and grammar updates
This is a recurring submission and includes corrections to various
issue spotted. I guess I can just skip over reporting ubiquitous
comma placement fixes…

Highligts in this particular commit:
- the "unsigned" type qualifier is completed to form a full type
  "unsigned int"
- alphabetic -> lexicographic (that way we automatically define how
  numbers get sorted)
2013-09-12 22:09:57 +02:00
Zbigniew Jędrzejewski-Szmek
f4ae69117b man: Add a note about what environment variables are available by default 2013-09-12 09:29:01 -04:00
Jan Engelhardt
6b4991cfde man: wording and grammar updates
This includes regularly-submitted corrections to comma setting and
orthographical mishaps that appeared in man/ in recent commits.

In this particular commit:
- the usual comma fixes
- expand contractions (this is prose)
2013-09-10 18:34:41 +02:00
Maciej Wereski
ea92ae33e0 "-" prefix for InaccessibleDirectories and ReadOnlyDirectories 2013-08-23 12:48:14 -04:00
Lennart Poettering
dc7adf202b man: drop the old cgroup settings from the man pages 2013-07-19 17:23:34 +02:00
Jason St. John
6ed80a4e34 man: use HTTPS links for links that support it 2013-07-16 17:42:56 +02:00
Jan Engelhardt
6a75304e41 man: wording and grammar update 2013-07-13 07:56:11 -04:00
Zbigniew Jędrzejewski-Szmek
d868475ad6 man: document the slice and scope units, add systemd.cgroup(5) 2013-07-12 01:10:04 -04:00
Zbigniew Jędrzejewski-Szmek
05cc726731 man: add more formatting markup 2013-07-02 23:06:22 -04:00
Jason St. John
e9dd9f9547 man: improve grammar and word formatting in numerous man pages
Use proper grammar, word usage, adjective hyphenation, commas,
capitalization, spelling, etc.

To improve readability, some run-on sentences or sentence fragments were
revised.

[zj: remove the space from 'file name', 'host name', and 'time zone'.]
2013-07-02 23:06:22 -04:00
Zbigniew Jędrzejewski-Szmek
74d005783e man: use <constant> for various constants which look ugly with quotes 2013-06-26 19:47:34 -04:00