morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity
26,965 Commits 1 Branch 0 Tags
0c28d51ac84973904e5f780b024adf8108e69fa1
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Lennart Poettering 0c28d51ac8 units: further lock down our long-running services 
Let's make this an excercise in dogfooding: let's turn on more security
features for all our long-running services.

Specifically:

- Turn on RestrictRealtime=yes for all of them

- Turn on ProtectKernelTunables=yes and ProtectControlGroups=yes for most of
  them

- Turn on RestrictAddressFamilies= for all of them, but different sets of
  address families for each

Also, always order settings in the unit files, that the various sandboxing
features are close together.

Add a couple of missing, older settings for a numbre of unit files.

Note that this change turns off AF_INET/AF_INET6 from udevd, thus effectively
turning of networking from udev rule commands. Since this might break stuff
(that is already broken I'd argue) this is documented in NEWS.
2016-09-25 10:52:57 +02:00
.github
documentation: add a short document describing how to test your systemd build tree (#3763)
2016-07-20 22:15:54 -04:00
catalog
catalog: make support URL to show in shipped catalog entries configurable (#3597)
2016-06-26 17:43:37 +02:00
coccinelle
tree-wide: htonl() is weird, let's use htobe32() instead (#3538)
2016-06-15 01:26:01 +02:00
docs
docs: add .gitignore
2015-07-06 17:47:38 +02:00
factory/etc
factory: remove broken pam_limits
2014-07-30 15:21:54 +02:00
hwdb
hwdb: Update database of Bluetooth company identifiers
2016-09-15 22:09:35 +02:00
m4
build-sys: Perform flag tests in context to existing flags
2016-02-06 14:57:46 +01:00
man
man: shorten the exit status table a bit
2016-09-25 10:52:57 +02:00
network
network: allow LLDP packets to cross non-customer bridges for container network interfaces
2016-05-09 15:45:31 +02:00
po
l10n: update Czech translation (#4203)
2016-09-23 07:11:26 +02:00
rules
rules: introduce disk/by-id (model_serial) symlinks for NVMe drives (#3974)
2016-08-17 14:10:28 +02:00
shell-completion
shell-completion: add --wait to systemd-run completions (#4140)
2016-09-14 22:38:53 +02:00
src
namespace: don't make the root directory of a namespace a mount if it already is one
2016-09-25 10:42:18 +02:00
sysctl.d
treewide: fix typos and remove accidental repetition of words
2016-07-11 16:18:43 +02:00
system-preset
units: synchronize Makefile and presets settings
2016-08-19 09:55:55 -04:00
sysusers.d
remove bus-proxyd
2016-02-12 19:10:01 +01:00
test
networkd: support drop-in directories for .network files
2016-09-16 10:31:58 -04:00
tmpfiles.d
treewide: fix typos and remove accidental repetition of words
2016-07-11 16:18:43 +02:00
tools
Remove systemd-bootchart
2016-02-23 13:30:09 +01:00
units
units: further lock down our long-running services
2016-09-25 10:52:57 +02:00
xorg
login: support user-bus on dbus1
2015-08-31 18:12:37 +02:00
.dir-locals.el
editors: only extend line width to 119 for C and XML files
2016-02-10 12:29:32 +01:00
.editorconfig
editors: only extend line width to 119 for C and XML files
2016-02-10 12:29:32 +01:00
.gitattributes
.gitignore
gitignore: ignore image.raw from mkosi (#4141)
2016-09-14 19:15:21 +02:00
.mailmap
NEWS: update mailmap to bring NEWS and "make git-contrib" in line
2016-07-25 15:03:46 +02:00
.travis.yml
remove gudev and gtk-doc
2015-06-03 00:22:53 +02:00
.vimrc
vimrc: fix indentation logic for our docbook xml files
2016-04-29 12:23:34 +02:00
.ycm_extra_conf.py
ycm: update flag blacklist
2014-06-04 15:41:10 -04:00
autogen.sh
Ensure kdbus isn't used (#3501)
2016-06-18 17:24:23 -04:00
CODING_STYLE
CODING_STYLE fixes (#3804)
2016-07-25 22:34:42 +03:00
configure.ac
build-sys: drop last reference to --have-kdbus
2016-09-09 15:03:11 +01:00
DISTRO_PORTING
docs: add --with-support-url= to distribution porting guide. (#4035)
2016-08-24 20:49:53 +02:00
HACKING
documentation: add a short document describing how to test your systemd build tree (#3763)
2016-07-20 22:15:54 -04:00
LICENSE.GPL2
LICENSE.LGPL2.1
Makefile-man.am
man: document sd_bus_track objects
2016-08-22 14:17:24 +02:00
Makefile.am
build-sys: get rid of move-to-rootlibdir
2016-09-24 15:15:01 +02:00
mkosi.build
mkosi: make sure we fail on error
2016-07-19 12:30:34 +02:00
mkosi.default
build-sys: add mkosi hookup (#3731)
2016-07-15 20:00:44 -04:00
NEWS
NEWS: add a bunch of stuff for the 232 release (#4132)
2016-09-14 07:40:02 +02:00
README
README: document that CONFIG_SECCOMP_FILTER is required for SECCOMP support
2016-09-06 20:25:49 -03:00
README.md
documentation: add a short document describing how to test your systemd build tree (#3763)
2016-07-20 22:15:54 -04:00
TODO
TODO: update networkd TODO
2016-09-15 10:18:22 +05:30

README.md

systemd - System and Service Manager

Build Status
Coverity Scan Status

Details

General information about systemd can be found in the systemd Wiki.

Information about build requirements are provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the HACKING file for information how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 321 MiB
Languages
C 89%
Python 5.1%
Shell 4.5%
Meson 1.2%