morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 16:37:19 +09:00
Code Issues Packages Projects Releases Wiki Activity
29,881 Commits 1 Branch 0 Tags
960e4569e17abf7c84f07b697d57ac7d0418edfc
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Lennart Poettering 960e4569e1 nspawn: implement configurable syscall whitelisting/blacklisting 
Now that we have ported nspawn's seccomp code to the generic code in
seccomp-util, let's extend it to support whitelisting and blacklisting
of specific additional syscalls.

This uses similar syntax as PID1's support for system call filtering,
but in contrast to that always implements a blacklist (and not a
whitelist), as we prepopulate the filter with a blacklist, and the
unit's system call filter logic does not come with anything
prepopulated.

(Later on we might actually want to invert the logic here, and
whitelist rather than blacklist things, but at this point let's not do
that. In case we switch this over later, the syscall add/remove logic of
this commit should be compatible conceptually.)

Fixes: #5163

Replaces: #5944
2017-09-12 14:06:21 +02:00
.github
CONTRIBUTING: stop mentioning "make check"
2017-08-21 09:47:07 +02:00
.mkosi
mkosi.arch: fix comment (#6470)
2017-07-28 09:24:12 +02:00
catalog
build-sys: drop gitignore patterns for in-tree builds
2017-07-18 10:05:06 -04:00
coccinelle
tree-wide: drop NULL sentinel from strjoin
2016-10-23 11:43:27 -04:00
docs
build-sys: drop gitignore patterns for in-tree builds
2017-07-18 10:05:06 -04:00
factory/etc
hwdb
hwdb: Add ACCEL_MOUNT_MATRIX for the Lamina T-1016B.NORD 2-in-1 tablet (#6430)
2017-09-11 09:56:57 +02:00
man
nspawn: implement configurable syscall whitelisting/blacklisting
2017-09-12 14:06:21 +02:00
modprobe.d
modprobe.d: ship drop-in to set bonding max_bonds to 0 (#6448)
2017-08-02 08:41:18 -04:00
network
build-sys: drop automake support
2017-07-18 10:04:44 -04:00
po
Added Romanian Translation (#6674)
2017-08-28 18:24:09 +02:00
rules
assemble multidevice btrfs volumes without external tools (#6607)
2017-09-07 09:58:12 +02:00
shell-completion
analyze: add get-log-level, get-log-target verbs
2017-09-07 23:55:59 +02:00
src
nspawn: implement configurable syscall whitelisting/blacklisting
2017-09-12 14:06:21 +02:00
sysctl.d
build-sys: drop gitignore patterns for in-tree builds
2017-07-18 10:05:06 -04:00
system-preset
build-sys: drop automake support
2017-07-18 10:04:44 -04:00
sysusers.d
units,sysusers: use DynamicUser= for journal-gatewayd and drop user systemd-journal-gateway from sysusers
2017-07-28 13:37:10 +09:00
test
test: drop Exec* prefixes to obtain paths of executables
2017-08-30 16:00:07 +09:00
tmpfiles.d
tmpfiles: drop systemd-remote.conf
2017-08-08 12:17:07 +09:00
tools
meson: install the git hook (#6425)
2017-07-24 10:41:45 +02:00
units
units: remove unnecessary Requires= and After= in system.slice (#6794)
2017-09-11 10:35:51 +02:00
xorg
login: support user-bus on dbus1
2015-08-31 18:12:37 +02:00
.dir-locals.el
meson: also indent scripts with 8 spaces
2017-04-25 08:49:16 -04:00
.editorconfig
editorconfig: add rule for meson.build files (#6671)
2017-08-28 16:37:23 +02:00
.gitattributes
.gitignore
build-sys: drop gitignore patterns for in-tree builds
2017-07-18 10:05:06 -04:00
.mailmap
mailmap: add entry
2017-07-18 10:04:44 -04:00
.travis.yml
remove gudev and gtk-doc
2015-06-03 00:22:53 +02:00
.vimrc
vimrc: fix indentation logic for our docbook xml files
2016-04-29 12:23:34 +02:00
.ycm_extra_conf.py
CODING_STYLE
tree-wide: set SA_RESTART for signal handlers we install
2016-12-01 12:41:17 +01:00
configure
build-sys: add basic support for ./configure && make && make install
2017-07-18 10:05:06 -04:00
DISTRO_PORTING
DISTRO_PORTING: document that distros may/should change fallback DNS as well as fallback NTP if they wish
2017-07-24 11:49:16 +02:00
ENVIRONMENT.md
Rename $TEST_DIR to $SYSTEMD_TEST_DATA, document it
2017-02-16 21:36:31 +01:00
HACKING
HACKING: update for meson
2017-07-18 10:05:06 -04:00
LICENSE.GPL2
LICENSE.LGPL2.1
Makefile
build-sys: Fix Makefile wrapper for install target (#6548)
2017-08-07 11:29:20 +02:00
meson_options.txt
Merge pull request #6420 from keszybz/gateway-name
2017-08-01 09:43:41 +02:00
meson.build
build-sys: make nonnull warning non-fatal (#6742)
2017-09-04 18:49:12 +02:00
mkosi.build
mkosi: use '[' rather than 'test' everywhere
2017-07-20 14:37:05 +02:00
mkosi.default
mkosi: create .mkosi directory
2016-10-06 11:53:58 -04:00
NEWS
analyze: add get-log-level, get-log-target verbs
2017-09-07 23:55:59 +02:00
README
README: note that installing valgrind-devel maybe useful to developers (#6502)
2017-08-30 13:07:43 +02:00
README.md
README: include small graphs of open issues and pull requests (#5576)
2017-03-13 08:10:04 +01:00
TODO
update TODO
2017-08-31 18:30:16 +02:00

README.md

systemd - System and Service Manager

Count of open issues over time Count of open pull requests over time Build Status
Coverity Scan Status

Details

General information about systemd can be found in the systemd Wiki.

Information about build requirements are provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the HACKING file for information how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 321 MiB
Languages
C 89%
Python 5.1%
Shell 4.5%
Meson 1.2%