systemd

mirror of https://github.com/systemd/systemd.git synced 2024-11-01 00:51:24 +03:00

The systemd System and Service Manager

Go to file

Iago López Galeiras 021d1e9612 bpf: add restrict_fs BPF program It hooks into the file_open LSM hook and allows only when the filesystem where the open will take place is present in a BPF map for a particular cgroup. The BPF map used is a hash of maps with the following structure: cgroupID -> (s_magic -> uint32) The inner map is effectively a set. The entry at key 0 in the inner map encodes whether the program behaves as an allow list or a deny list: if its value is 0 it is a deny list, otherwise it is an allow list. When the cgroupID is present in the map, the program checks the inner map for the magic number of the filesystem associated with the file that's being opened. When the program behaves as an allow list, if that magic number is present it allows the open to succeed, when the program behaves as a deny list, it only allows access if the that magic number is NOT present. When access is denied the program returns -EPERM. The BPF program uses CO-RE (Compile-Once Run-Everywhere) to access internal kernel structures without needing kernel headers present at runtime.		2021-10-06 10:52:14 +02:00
.github	ci: use LGPLv2+ for all our ci configuration	2021-10-01 14:45:00 +02:00
.lgtm/cpp-queries	lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC]	2019-04-10 20:03:38 +02:00
.semaphore	ci: use LGPLv2+ for all our ci configuration	2021-10-01 14:45:00 +02:00
catalog	units: added factory-reset.target	2021-08-10 17:08:00 +02:00
coccinelle	licensing: add spdx to our .cocci files	2021-10-01 14:45:00 +02:00
docs	add LICENSES/README.md explaining the license situation	2021-10-01 17:27:34 +01:00
factory/etc	pam: fix typo try_authtok → use_authtok	2021-05-12 12:14:17 +02:00
hwdb.d	reduce the fuzz values in evdev hwdb for Asus UX362FA	2021-10-01 10:49:01 +02:00
LICENSES	man/glib-event-glue example: relicense to CC0-1.0	2021-10-04 11:05:22 +02:00
man	man: document the new DefaultOOMScoreAdjust= setting	2021-10-04 16:27:11 +02:00
mkosi.default.d	Revert "mkosi: turn off qemu headless mode"	2021-09-24 14:20:40 +02:00
modprobe.d	meson: install the right README file in modprobe.d	2021-07-07 14:52:05 +02:00
network	licensing: add missing header to one .network file	2021-10-01 14:45:00 +02:00
po	po: Translated using Weblate (Kabyle)	2021-10-03 18:05:00 +02:00
presets	boot: optionally update sd-boot on boot	2021-07-30 17:19:55 +02:00
rules.d	docs: Fixing typo in systemd.device man page and README.	2021-09-29 22:18:38 +01:00
shell-completion	licensing: add forgotten spdx headers	2021-10-01 14:45:00 +02:00
src	bpf: add restrict_fs BPF program	2021-10-06 10:52:14 +02:00
sysctl.d	meson: use a/b instead of join_paths(a,b)	2021-07-27 19:32:35 +02:00
sysusers.d	meson: allow "soft-static" allocations for uids and gids in the initrd	2021-06-17 09:48:28 +02:00
test	Merge pull request #20892 from yuwata/test-network-preferred-lifetime-zero	2021-10-04 18:40:59 -07:00
tmpfiles.d	tmpfiles.d: remove .Test-unix, it's obsolete	2021-08-31 10:57:37 +02:00
tools	tree-wide: fix SPDX short identifier for LGPL-2.1-or-later	2021-10-01 17:27:34 +01:00
units	units: run user service managers at OOM score adjustment 100	2021-10-04 16:27:10 +02:00
xorg	xorg/50-systemd-user: add a full license header	2021-10-01 14:45:00 +02:00
.clang-format	clang-format: set SpaceBeforeParens to ControlStatementsExceptForEachMacros	2020-11-16 16:57:51 +09:00
.ctags	editors: Prevent ctags from following symlinks	2019-02-15 11:01:20 -08:00
.dir-locals.el	scripts: use 4 space indentation	2019-04-12 08:30:31 +02:00
.editorconfig	editorconfig: set maximum line length to 109 for man/*.xml files	2021-09-30 13:45:34 +02:00
.gitattributes	udev: Extract RAM properties from DMI information	2020-12-16 18:32:29 +01:00
.gitignore	gitignore: only ignore local.conf" under mkosi.default.d/	2021-09-03 13:15:52 +02:00
.lgtm.yml	ci: bump meson version in LGTM	2021-07-28 11:26:10 +02:00
.mailmap	mailmap: two more names	2021-03-30 13:17:58 +02:00
.packit.yml	Revert "ci: temporarily set -Wno-deprecated-declarations in Packit"	2021-09-29 15:04:24 +02:00
.vimrc	scripts: use 4 space indentation	2019-04-12 08:30:31 +02:00
.ycm_extra_conf.py	ycm: add doc string for all the functions in configuration file	2017-11-29 13:21:49 -07:00
configure	tools: shellcheck-ify tool scripts	2021-09-30 12:27:06 +02:00
LICENSE.GPL2
LICENSE.LGPL2.1
Makefile	tree-wide: add spdx header on all scripts and helpers	2021-01-28 09:55:35 +01:00
meson_options.txt	meson: allow extra net naming schemes to be defined during configuration	2021-09-28 14:22:40 +02:00
meson.build	Add all other applicable licenses under LICENSES/	2021-10-01 17:27:34 +01:00
mkosi.build	licensing: add forgotten spdx headers	2021-10-01 14:45:00 +02:00
NEWS	Merge pull request #20219 from khfeng/use-intel-hid-rfkill	2021-09-29 18:53:22 +02:00
README	add LICENSES/README.md explaining the license situation	2021-10-01 17:27:34 +01:00
README.md	CI: add code coverage reports via lcov and coveralls.io	2021-09-27 12:22:22 +01:00
TODO	update TODO	2021-09-28 17:06:51 +02:00

README.md

System and Service Manager

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.