IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to Administrator. User accounts are meant only to access repo and report issues and/or generate pull requests. This is a purpose-specific Git hosting for BaseALT projects. Thank you for your understanding!

Только зарегистрированные пользователи имеют доступ к сервису! Для получения аккаунта, обратитесь к администратору.

shaba/systemd

mirror of https://github.com/systemd/systemd.git synced 2025-03-11 20:58:27 +03:00

Go to file

Lennart Poettering ee8f26180d units: switch from system call blacklist to whitelist

This is generally the safer approach, and is what container managers
(including nspawn) do, hence let's move to this too for our own
services. This is particularly useful as this this means the new
@system-service system call filter group will get serious real-life
testing quickly.

This also switches from firing SIGSYS on unexpected syscalls to
returning EPERM. This would have probably been a better default anyway,
but it's hard to change that these days. When whitelisting system calls
SIGSYS is highly problematic as system calls that are newly introduced
to Linux become minefields for services otherwise.

Note that this enables a system call filter for udev for the first time,
and will block @clock, @mount and @swap from it. Some downstream
distributions might want to revert this locally if they want to permit
unsafe operations on udev rules, but in general this shiuld be mostly
safe, as we already set MountFlags=shared for udevd, hence at least
@mount won't change anything.

2018-06-14 17:44:20 +02:00

github: use multiple issue templates

2018-05-10 07:58:38 -07:00

mkosi: add mkosi snippet for ubuntu, too

2018-06-14 17:44:20 +02:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

tree-wide: drop !! casts to booleans

2018-06-13 10:52:40 +02:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

factory: remove broken pam_limits

2014-07-30 15:21:54 +02:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

seccomp: add new system call filter, suitable as default whitelist for system services

2018-06-14 17:44:20 +02:00

Add SPDX license headers to various assorted files

2017-11-19 19:08:15 +01:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

shell-completion

Drop my copyright headers

2018-06-14 13:03:20 +02:00

seccomp: explain why we use setuid rather than @setuid in @privileged

2018-06-14 17:44:20 +02:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

Drop my copyright headers

2018-06-14 13:03:20 +02:00

Merge pull request #9301 from keszybz/man-drop-authorgroup

2018-06-14 15:29:24 +02:00

travis: use Fedora 27 as a base image

2018-06-05 12:03:18 +03:00

units: switch from system call blacklist to whitelist

2018-06-14 17:44:20 +02:00

login: avoid external process call

2018-01-12 18:02:57 +01:00

.dir-locals.el

meson: also indent scripts with 8 spaces

2017-04-25 08:49:16 -04:00

.editorconfig

editorconfig: add rule for meson.build files (#6671 )

2017-08-28 16:37:23 +02:00

.gitattributes

git: indicate that tabs are never OK in the systemd tree

2013-10-30 02:25:38 +01:00

.gitignore

Add mkosi.output/ to .gitignore

2017-11-29 14:33:56 +01:00

.mailmap

NEWS: some .mailmap work to clean up contributors list

2018-06-13 14:20:03 +02:00

.travis.yml

Merge pull request #9193 from keszybz/coverity

2018-06-14 09:59:58 +02:00

.vimrc

vimrc: fix indentation logic for our docbook xml files

2016-04-29 12:23:34 +02:00

.ycm_extra_conf.py

ycm: add doc string for all the functions in configuration file

2017-11-29 13:21:49 -07:00

configure

build-sys: add basic support for ./configure && make && make install

2017-07-18 10:05:06 -04:00

LICENSE.GPL2

relicense to LGPLv2.1 (with exceptions)

2012-04-12 00:24:39 +02:00

LICENSE.LGPL2.1

licence: remove references to old FSF address

2012-12-17 11:41:31 +01:00

Makefile

build-sys: Fix Makefile wrapper for install target (#6548 )

2017-08-07 11:29:20 +02:00

meson_options.txt

Drop my copyright headers

2018-06-14 13:03:20 +02:00

meson.build

Drop my copyright headers

2018-06-14 13:03:20 +02:00

mkosi.build

tree-wide: remove Lennart's copyright lines

2018-06-14 10:20:20 +02:00

mkosi.default

mkosi: create .mkosi directory

2016-10-06 11:53:58 -04:00

NEWS

resolve: rename PrivateDNS to DNSOverTLS

2018-06-14 09:57:56 +02:00

README

Turn VALGRIND variable into a meson configuration switch

2018-05-17 09:54:36 -07:00

README.md

README.md: embed the Travis CI badge

2018-06-07 17:53:43 +00:00

TODO

Merge pull request #9199 from poettering/copy-file-atomic

2018-06-14 11:19:22 +02:00

zanata.xml

po: add basic fedora.zanata.org configuration

2018-02-19 13:56:57 +01:00

README.md

systemd - System and Service Manager

Details

General information about systemd can be found in the systemd Wiki.

Information about build requirements are provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the HACKING file for information how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.