morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 16:37:19 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
783b40bd73aafa5993a64f7a795f2f91def3c487
systemd/src/core
History
Lennart Poettering 6431c34b8a namespace-util: make "setgroups" users property writable via userns_acquire() 
Unprivileged namespaces are only allowed if the "setgroups" file is set
to "deny" for processes. And we need to write it before writing the
gidmap. Hence add a parameter for that.

Then, also patch all current users to actually enable this. The usecase
generally don't need it (because they don't care about unprivileged
userns), but it doesn't hurt to enable the concept anyway in all current
users (none of them actually runs complex userspace in them, but they
mostly use userns_acquire() for idmapped mounts and similar).

Let's anyway make this option explicit in the function call, to indicate
that the concept exists and is applied.
2025-03-17 16:03:18 +01:00
..
bpf
bpf-socket-bind: fix unexpected behavior with either 0 allow or deny rules
2024-03-24 11:08:58 +00:00
all-units.h
apparmor-setup.c
core: dlopen()'ify libapparmor
2025-02-21 14:22:51 +01:00
apparmor-setup.h
audit-fd.c
core: use shared audit-fd wrappers
2025-01-15 10:35:28 +01:00
audit-fd.h
core: use shared audit-fd wrappers
2025-01-15 10:35:28 +01:00
automount.c
tree-wide: drop unnecessary break in default branch
2025-03-06 11:42:20 +01:00
automount.h
bpf-devices.c
basic/linux: update kernel headers from v6.10-rc3
2024-06-20 02:35:35 +09:00
bpf-devices.h
bpf-firewall.c
core/cgroup: call bpf_firewall_close in cgroup_runtime_free
2024-06-28 15:38:56 +02:00
bpf-firewall.h
core/cgroup: call bpf_firewall_close in cgroup_runtime_free
2024-06-28 15:38:56 +02:00
bpf-foreign.c
core: split out cgroup specific state fields from Unit → CGroupRuntime
2024-02-16 10:17:40 +01:00
bpf-foreign.h
bpf-restrict-fs.c
pid1: lower log level if BPF LSM is not available
2025-03-07 13:25:04 +00:00
bpf-restrict-fs.h
core: split out cgroup specific state fields from Unit → CGroupRuntime
2024-02-16 10:17:40 +01:00
bpf-restrict-ifaces.c
fdset: optionally, close remaining fds asynchronously
2024-10-17 09:48:05 +02:00
bpf-restrict-ifaces.h
core: rename restrict-ifaces.[ch] → bpf-restrict-ifaces.[ch]
2024-01-25 16:11:33 +01:00
bpf-socket-bind.c
fdset: optionally, close remaining fds asynchronously
2024-10-17 09:48:05 +02:00
bpf-socket-bind.h
bpf-socket-bind: rename bpf_serialize_socket_bind() → bpf_socket_bind_serialize()
2024-01-25 16:11:33 +01:00
bpf-util.c
tree-wise: several cleanups for logging
2024-05-01 04:41:06 +09:00
bpf-util.h
cgroup.c
pidref: now that we have the cached pidfdid of our own process, use it
2025-01-20 21:51:40 +01:00
cgroup.h
pidref: now that we have the cached pidfdid of our own process, use it
2025-01-20 21:51:40 +01:00
clock-warp.c
Fix inversion of timesyncd_usec/epoch_usec variables in clock-warp.c
2025-01-30 09:27:03 +01:00
clock-warp.h
manager: apply clock epoch on updates too
2024-06-15 16:20:16 +02:00
core-varlink.c
pid1: don't connect to oomd in test runs
2025-03-13 14:22:13 +01:00
core-varlink.h
core: reliably check if varlink socket has been deserialized
2024-07-23 19:38:57 +02:00
crash-handler.c
core: move CrashAction enum def to crash-handler.[ch]
2025-03-08 20:40:23 +01:00
crash-handler.h
core: move CrashAction enum def to crash-handler.[ch]
2025-03-08 20:40:23 +01:00
dbus-automount.c
dbus-automount.h
dbus-cgroup.c
shared/bus-util: move string set append/get funcs to bus-message-util and bus-get-properties, respectively
2025-01-13 16:55:42 +01:00
dbus-cgroup.h
dbus-device.c
dbus-device.h
dbus-execute.c
basic/linux: import ioprio.h from kernel 6.14-rc4
2025-03-04 02:24:49 +09:00
dbus-execute.h
manager: switch service unit type over to using new handoff timestamping logic
2024-04-25 13:40:41 +02:00
dbus-job.c
core: switch j->unit->manager to j->manager
2024-04-18 20:25:39 +08:00
dbus-job.h
dbus-kill.c
dbus-kill.h
dbus-manager.c
basic/glyph-util: rename "special glyph" to just "glyph"
2025-03-15 14:40:39 +01:00
dbus-manager.h
dbus-mount.c
core/mount: rework GracefulOptions= to be just x-systemd.graceful-option=
2025-02-12 18:16:44 +01:00
dbus-mount.h
dbus-path.c
dbus-path.h
dbus-scope.c
core: cast ignored retval of unit_realize_cgroup to void
2024-06-28 15:43:21 +02:00
dbus-scope.h
dbus-service.c
basic/glyph-util: rename "special glyph" to just "glyph"
2025-03-15 14:40:39 +01:00
dbus-service.h
dbus-slice.c
core: cast ignored retval of unit_realize_cgroup to void
2024-06-28 15:43:21 +02:00
dbus-slice.h
dbus-socket.c
core: Use RateLimit struct to store ratelimits
2024-08-14 14:18:40 +02:00
dbus-socket.h
dbus-swap.c
core: cast ignored retval of unit_realize_cgroup to void
2024-06-28 15:43:21 +02:00
dbus-swap.h
dbus-target.c
dbus-target.h
dbus-timer.c
timer: introduce DeferReactivation setting
2024-10-11 22:54:16 +02:00
dbus-timer.h
dbus-unit.c
pid1: add D-Bus API for removing delegated subcgroups
2025-01-08 15:27:25 +01:00
dbus-unit.h
pid1: add D-Bus API for removing delegated subcgroups
2025-01-08 15:27:25 +01:00
dbus-util.c
core/dbus: add assertions
2024-10-09 06:57:11 +09:00
dbus-util.h
core/dbus: introduce bus_verify_manage_units_async_impl()
2024-10-09 06:55:32 +09:00
dbus.c
manager: explicitly create our private runtime directory
2025-03-13 14:22:13 +01:00
dbus.h
core: serialize API bus id and validate before deserializing bus tracks
2025-01-13 21:52:19 +01:00
device.c
core/device: do not drop backslashes in SYSTEMD_WANTS=/SYSTEMD_USER_WANTS=
2025-01-22 20:41:00 +00:00
device.h
core/device: handle ID_PROCESSING udev property
2024-12-20 10:52:57 +09:00
dynamic-user.c
Drop support for nscd
2024-06-28 18:51:56 +02:00
dynamic-user.h
exec-invoke: don't double-close FDs on error
2023-10-28 16:56:25 +02:00
efi-random.c
chattr-util: drop mostly unused 'previous' argument from chattr_path() and friends
2025-03-04 00:47:12 +09:00
efi-random.h
emergency-action.c
emergency-action: sleep 5s before rebooting in various cases
2025-03-13 17:03:42 +01:00
emergency-action.h
emergency-action: sleep 5s before rebooting in various cases
2025-03-13 17:03:42 +01:00
exec-credential.c
execute: add some minor debug logging
2025-03-13 14:22:13 +01:00
exec-credential.h
core/dbus-service: refuse bind mounting over /run/credentials/
2024-08-17 18:16:20 +02:00
exec-invoke.c
exec: when we have no $TERM configuration, and we default to vt220, also set $COLORTERM
2025-03-17 10:15:51 +01:00
exec-invoke.h
execute-serialize.c
tree-wide: drop unnecessary break in default branch
2025-03-06 11:42:20 +01:00
execute-serialize.h
execute.c
basic: introduce our own sys/mount.h implementation
2025-03-04 02:24:49 +09:00
execute.h
missing_resource.h: RLIMIT_RTTIME is defined since glibc-2.14
2025-03-04 02:24:49 +09:00
executor.c
core: clean up ambient capability logging
2024-07-31 21:40:28 +02:00
fuzz-execute-serialize.c
Add ExtraFileDescriptor property to StartTransientUnit dbus API
2024-10-07 09:01:48 -07:00
fuzz-manager-serialize.c
fuzz-manager-serialize.options
fuzz-unit-file.c
fuzz-unit-file.options
generator-setup.c
generator-setup: use RET_GATHER()
2024-05-29 11:52:40 +02:00
generator-setup.h
ima-setup.c
ima-setup.h
import-creds.c
core/import-creds: use proc_cmdline_get_bool()
2024-07-13 22:58:23 +02:00
import-creds.h
ipe-setup.c
core: load IPE policy on boot
2024-10-02 18:29:43 +02:00
ipe-setup.h
core: load IPE policy on boot
2024-10-02 18:29:43 +02:00
job.c
emergency-action: sleep 5s before rebooting in various cases
2025-03-13 17:03:42 +01:00
job.h
basic: move JobMode from core
2025-01-20 23:19:00 -05:00
kill.c
Fix confusion between killer and prey
2024-06-19 16:22:23 +02:00
kill.h
various: move const ptr indicator to return value
2024-06-19 16:28:28 +02:00
kmod-setup.c
tree-wide: insert a space at the end of comments
2025-01-25 05:24:23 +09:00
kmod-setup.h
load-dropin.c
tree-wide: use strv_extend_strv_consume() where appropriate
2024-09-21 00:53:50 +02:00
load-dropin.h
core/unit: do not use unit path cache in unit_need_daemon_reload()
2024-08-09 19:25:42 +09:00
load-fragment-gperf-nulstr.awk
load-fragment-gperf.gperf.in
core: DelegateNamespaces= does not depend on seccomp (#36580)
2025-03-03 14:34:31 +09:00
load-fragment.c
load-fragment: Fix config_parse_namespace_flags() for DelegateNamespaces=
2025-03-06 14:30:05 +01:00
load-fragment.h
core: Add DelegateNamespaces=
2025-03-01 13:54:58 +01:00
main.c
main: explicitly pick up $COLORTERM + $NO_COLOR from kernel cmdline where we pick up $TERM
2025-03-17 10:17:51 +01:00
main.h
core: move CrashAction enum def to crash-handler.[ch]
2025-03-08 20:40:23 +01:00
manager-dump.c
manager: add list of subscribers to dump info
2024-12-11 12:12:14 -07:00
manager-dump.h
manager-serialize.c
basic/glyph-util: rename "special glyph" to just "glyph"
2025-03-15 14:40:39 +01:00
manager-serialize.h
manager.c
basic/glyph-util: rename "special glyph" to just "glyph"
2025-03-15 14:40:39 +01:00
manager.h
core: serialize API bus id and validate before deserializing bus tracks
2025-01-13 21:52:19 +01:00
meson.build
meson: use install_symlink() where applicable
2025-03-10 02:41:40 +09:00
mount.c
basic/glyph-util: rename "special glyph" to just "glyph"
2025-03-15 14:40:39 +01:00
mount.h
core/mount: rework GracefulOptions= to be just x-systemd.graceful-option=
2025-02-12 18:16:44 +01:00
namespace.c
namespace-util: make "setgroups" users property writable via userns_acquire()
2025-03-17 16:03:18 +01:00
namespace.h
core: Bind mount notify socket to /run/host/notify in sandboxed units (#35573)
2024-12-13 13:48:07 +00:00
org.freedesktop.systemd1.conf
pid1: add D-Bus API for removing delegated subcgroups
2025-01-08 15:27:25 +01:00
org.freedesktop.systemd1.policy.in
org.freedesktop.systemd1.service
path.c
path: Close inotify FD asynchronously
2025-03-04 21:37:58 +01:00
path.h
scope.c
core: do BindMount/MountImage operations in async control process
2024-08-29 12:48:55 +01:00
scope.h
core: split out cgroup specific state fields from Unit → CGroupRuntime
2024-02-16 10:17:40 +01:00
selinux-access.c
core: use shared audit-fd wrappers
2025-01-15 10:35:28 +01:00
selinux-access.h
selinux-setup.c
selinux: kill mac_selinux_free()
2024-06-12 15:21:21 +02:00
selinux-setup.h
service.c
basic/glyph-util: rename "special glyph" to just "glyph"
2025-03-15 14:40:39 +01:00
service.h
core/service: place occurrences of SERVICE_MOUNTING closer to reload states
2024-10-22 19:19:47 +02:00
show-status.c
pid1: use $COLUMNS info in status_vprintf()
2024-07-19 11:44:05 +02:00
show-status.h
slice.c
core/slice: simplify slice_freezer_action a bit
2024-07-17 17:25:23 +02:00
slice.h
core: split out cgroup specific state fields from Unit → CGroupRuntime
2024-02-16 10:17:40 +01:00
smack-setup.c
tree-wide: drop unnecessary break in default branch
2025-03-06 11:42:20 +01:00
smack-setup.h
socket.c
basic/glyph-util: rename "special glyph" to just "glyph"
2025-03-15 14:40:39 +01:00
socket.h
core/socket: trivial coding style cleanups
2024-12-30 21:43:52 +01:00
swap.c
basic/glyph-util: rename "special glyph" to just "glyph"
2025-03-15 14:40:39 +01:00
swap.h
core: split out cgroup specific state fields from Unit → CGroupRuntime
2024-02-16 10:17:40 +01:00
system.conf.in
core: Add systemd.crash_action= kernel command line argument
2024-04-29 14:34:22 +02:00
systemd.pc.in
user-classification: add new "foreign" UID range
2025-01-08 21:41:03 +01:00
taint.c
core/taint: we know we're always running on cgv2 now
2025-03-16 18:02:07 +01:00
taint.h
taint: Add taint_strv() to get taints as an array
2024-08-14 14:18:40 +02:00
target.c
core: use FOREACH_ARRAY at 3 more places
2024-04-10 23:40:53 +08:00
target.h
timer.c
core/manager: introduce manager_add_job_full() which takes extra TransactionAddFlags
2024-10-27 20:02:46 +01:00
timer.h
timer: introduce DeferReactivation setting
2024-10-11 22:54:16 +02:00
transaction.c
core: make refuse_late_merge a proper attr of Job and introduce TRANSACTION_REENQUEUE_ANCHOR
2024-10-27 20:02:47 +01:00
transaction.h
core: make refuse_late_merge a proper attr of Job and introduce TRANSACTION_REENQUEUE_ANCHOR
2024-10-27 20:02:47 +01:00
unit-dependency-atom.c
core: drop effectively unused UNIT_ATOM_PROPAGATE_RESTART
2024-10-27 20:02:46 +01:00
unit-dependency-atom.h
core: drop effectively unused UNIT_ATOM_PROPAGATE_RESTART
2024-10-27 20:02:46 +01:00
unit-printf.c
core: use strdup_to()
2024-03-20 15:18:21 +01:00
unit-printf.h
unit-serialize.c
basic/glyph-util: rename "special glyph" to just "glyph"
2025-03-15 14:40:39 +01:00
unit-serialize.h
unit.c
emergency-action: sleep 5s before rebooting in various cases
2025-03-13 17:03:42 +01:00
unit.h
core: port mount unit inode creation to make_mount_point_inode_from_mode() too
2025-02-18 13:49:24 +01:00
user.conf.in