shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-13 00:58:27 +03:00
Code
79,074 Commits 4 Branches 403 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Lennart Poettering d6b008b01e
Enforce per-user quota on /tmp/ and /dev/shm/ as user logs in (#36010) 
There's finally quota on tmpfs, hence let's use it to make it harder for
users to DoS the system by consuming all disk space in /tmp/ and
/dev/shm/.

This enforces a default limit of 80% quota of the backing fs for these
two dirs for users, but this can be overriden in the user record, if
desired.

This also adds two other interesting features:

1. mount units gain GracefulOptions= which takes optional mount options
that are added only if supported by the kernel. (this is used to enable
usrquota on /tmp/, if available.)
2. The PAM logic in service management now supports reading passwords
from service credentials and via the askpw logic. This used for make
testing easy (so that we can run0 into a homed user which strictly
requires a password).
2025-01-24 12:52:27 +01:00
.clusterfuzzlite
ci: unpin CFLite
2022-04-26 09:13:57 +00:00
.github
mkosi: Add back --preserve-env when running integrationt tests
2025-01-23 12:18:21 +01:00
.obs
OBS: switch to new top-level namespace
2025-01-22 20:34:04 +00:00
.semaphore
Revert "semaphore: skip some tests"
2024-12-13 23:43:28 +00:00
catalog
catalog: update Polish translation
2024-11-28 13:03:31 +01:00
coccinelle
coccinelle: add .gitignore for cache files
2025-01-19 08:27:47 +09:00
docs
user-record: add fields for setting limits on /tmp/ and /dev/shm/
2025-01-23 22:16:24 +01:00
factory
man: don't suggest using pam_unix.so's use_authtok switch
2024-01-17 23:59:05 +00:00
hwdb.d
meson: add install tags for udev and hwdb
2025-01-10 15:15:13 +09:00
LICENSES
boot: Add HWID calculation from SMBIOS strings and matching against a built-in list
2024-11-05 22:29:58 +03:00
man
Enforce per-user quota on /tmp/ and /dev/shm/ as user logs in (#36010)
2025-01-24 12:52:27 +01:00
mime
creds-util: add a concept of "user-scoped" credentials
2024-01-30 17:07:47 +01:00
mkosi.conf.d
mkosi: Don't set -O ^orphan_file in centos stream 9 tools tree
2025-01-21 10:57:29 +01:00
mkosi.coverage
mkosi: Make sure the /coverage directory exists
2024-12-05 22:03:07 +01:00
mkosi.extra
mkosi: move drop-in config for sanitizers
2024-12-10 09:46:29 +09:00
mkosi.extra.common
mkosi: disable multipathd by default
2025-01-16 00:57:07 +09:00
mkosi.images
mkosi: Drop usage of _systemd_QUIET in arch build script
2025-01-24 12:08:27 +01:00
mkosi.repart
mkosi: switch rootfs to ext4
2025-01-22 22:50:52 +00:00
mkosi.sanitizers
mkosi: drop wrapper for unshare
2024-12-14 17:30:01 +09:00
mkosi.uki-profiles
Rework TEST-86-MULTI-PROFILE-UKI
2024-10-21 17:24:14 +02:00
modprobe.d
modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0
2024-01-12 23:24:54 +00:00
network
network: request non-NULL SSID when a wlan interface is configured as station
2024-07-31 10:06:04 +09:00
po
po: Translated using Weblate (French)
2025-01-22 23:43:34 +09:00
presets
presets: Don't enable systemd-homed-firstboot.service by default
2024-06-08 11:29:55 +01:00
profile.d
profile.d: don't bail if $SHELL_* variables are unset
2024-12-11 18:33:41 +00:00
rules.d
udev: add systemd tag to devices tagged with security-device
2025-01-22 21:43:44 +01:00
shell-completion
nspawn: add support for 'managed' userns mode even when we run privileged
2025-01-23 21:48:02 +01:00
src
Enforce per-user quota on /tmp/ and /dev/shm/ as user logs in (#36010)
2025-01-24 12:52:27 +01:00
sysctl.d
sysctl.d: Fix pid_max comment
2023-10-31 13:07:49 +01:00
sysusers.d
udev: set clock group for PTP and RTC devices
2025-01-16 21:12:47 +01:00
test
Enforce per-user quota on /tmp/ and /dev/shm/ as user logs in (#36010)
2025-01-24 12:52:27 +01:00
tmpfiles.d
Revert "link README.logs from tmpfiles.d/legacy.conf only if available"
2024-11-29 14:18:15 +01:00
tools
meson: enable -Wzero-as-null-pointer-constant
2025-01-16 02:26:56 +01:00
units
mntfsd: add api to mount dirs for containers
2025-01-23 21:48:02 +01:00
xorg
xorg/50-systemd-user: add a full license header
2021-10-01 14:45:00 +02:00
.clang-format
Improve the formatting by adding AlignArrayOfStructures and setting it to Right(right justify)
2024-03-06 15:24:23 +01:00
.ctags
editors: Prevent ctags from following symlinks
2019-02-15 11:01:20 -08:00
.dir-locals.el
scripts: use 4 space indentation
2019-04-12 08:30:31 +02:00
.editorconfig
editorconfig: add NEWS whitespace configuration
2023-10-26 22:41:03 +01:00
.gitattributes
Mark all base64 files as generated
2023-08-16 12:49:45 +02:00
.gitignore
Add .venv to gitignore
2024-12-20 15:33:32 +00:00
.mailmap
mailmap: fix entries for Tobias Klauser
2024-12-11 13:55:07 +00:00
.packit.yml
packit: Simplify configuration
2025-01-07 15:18:50 +01:00
.pylintrc
Add .pylintrc to globally suppress warnings we don't really care about
2023-08-10 18:13:29 +02:00
.vimrc
vimrc: explicitly set shiftwidth for the C file type
2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py
ycm: add doc string for all the functions in configuration file
2017-11-29 13:21:49 -07:00
LICENSE.GPL2
relicense to LGPLv2.1 (with exceptions)
2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1
licence: remove references to old FSF address
2012-12-17 11:41:31 +01:00
meson_options.txt
udev: set clock group for PTP and RTC devices
2025-01-16 21:12:47 +01:00
meson.build
build: fail the build if we accidentally drop a "const" qualifier on a parameter
2025-01-20 21:44:23 +01:00
meson.version
meson: update version to 258~devel
2024-12-10 19:30:06 +00:00
mkosi.clangd
mkosi.clangd: Fail on command errors
2024-12-20 20:09:36 +01:00
mkosi.clean
mkosi: Add missing SPDX line
2024-09-22 15:23:08 +02:00
mkosi.conf
mkosi: replace deprecated settings and command with new ones
2025-01-06 12:00:43 +01:00
mkosi.functions
mkosi: Move copying packages to the output directory to the postinst script
2024-10-29 11:28:47 +01:00
mkosi.postinst.chroot
mkosi: Fix authselect systemd-homed feature name
2024-12-21 21:03:03 +01:00
mypy.ini
Move mypy.ini and ruff.toml to top level
2024-11-24 16:47:20 +01:00
NEWS
NEWS: mention OWNER=/GROUP= in udev rules now refuses non-system user/group
2025-01-24 02:33:18 +09:00
README
user-runtime-dir: enforce /tmp/ and /dev/shm/ quota
2025-01-23 22:36:39 +01:00
README.md
OBS: switch to new top-level namespace
2025-01-22 20:34:04 +00:00
ruff.toml
Move mypy.ini and ruff.toml to top level
2024-11-24 16:47:20 +01:00
TODO
Enforce per-user quota on /tmp/ and /dev/shm/ as user logs in (#36010)
2025-01-24 12:52:27 +01:00

README.md

Systemd

System and Service Manager

OBS Packages Status
Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
Fossies codespell report
Weblate
Coverage Status
Packaging status
OpenSSF Scorecard

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack

Repositories with distribution packages built from git main are available on OBS

Description
The systemd System and Service Manager
cinitlinuxservicessystemsystemd
Readme 565 MiB
Languages
C 89.2%
Python 5.3%
Shell 4.1%
Meson 1.2%