systemd/src/nspawn at ee859930d3528ea0843b3da588315df349824216 - systemd - Gitea

morgan/systemd

mirror of https://github.com/morgan9e/systemd synced 2026-04-14 16:37:19 +09:00

Files

History

Lennart Poettering 8e5430c4bd nspawn: set up a new session keyring for the container process

keyring material should not leak into the container. So far we relied on
seccomp to deny access to the keyring, but given that we now made the
seccomp configurable, and access to keyctl() and friends may optionally
be permitted to containers now let's make sure we disconnect the callers
keyring from the keyring of PID 1 in the container.

2017-09-22 15:28:04 +02:00

..

meson.build

meson: reindent all files with 8 spaces

2017-04-23 21:47:29 -04:00

nspawn-cgroup.c

Be slightly more verbose in error message

2017-07-02 12:03:56 -04:00

nspawn-cgroup.h

nspawn: cleanup and chown the synced cgroup hierarchy (#4223 )

2016-10-13 09:50:46 -04:00

nspawn-expose-ports.c

core: introduce parse_ip_port (#4825 )

2016-12-06 12:21:45 +01:00

nspawn-expose-ports.h

tree-wide: remove Emacs lines from all files

2016-02-10 13:41:57 +01:00

nspawn-gperf.gperf

nspawn: implement configurable syscall whitelisting/blacklisting

2017-09-12 14:06:21 +02:00

nspawn-mount.c

nspawn: do not mount /sys/fs/kdbus

2017-07-23 12:03:00 -04:00

nspawn-mount.h

nspawn: Add support for sysroot pivoting (#5258 )

2017-02-08 16:54:31 +01:00

nspawn-network.c

Fix includes (#5980 )

2017-05-19 10:01:35 -04:00

nspawn-network.h

nspawn: add new --network-zone= switch for automatically managed bridge devices

2016-05-09 15:45:31 +02:00

nspawn-patch-uid.c

fs-util: unify code we use to check if dirent's d_name is "." or ".."

2017-02-02 00:06:18 +01:00

nspawn-patch-uid.h

nspawn: optionally fix up OS tree uid/gids for userns

2016-04-25 12:15:57 +02:00

nspawn-register.c

nspawn: wait for the scope to be created (#6261 )

2017-07-03 07:59:49 +02:00

nspawn-register.h

nspawn: register a scope for the unit if --register=no is specified (#6166 )

2017-06-28 13:22:46 -04:00

nspawn-seccomp.c

nspawn: replace syscall blacklist by a whitelist

2017-09-14 15:45:21 +02:00

nspawn-seccomp.h

nspawn: implement configurable syscall whitelisting/blacklisting

2017-09-12 14:06:21 +02:00

nspawn-settings.c

nspawn: implement configurable syscall whitelisting/blacklisting

2017-09-12 14:06:21 +02:00

nspawn-settings.h

nspawn: implement configurable syscall whitelisting/blacklisting

2017-09-12 14:06:21 +02:00

nspawn-setuid.c

Use "return log_error_errno" in more places"

2016-07-22 21:25:09 -04:00

nspawn-setuid.h

tree-wide: remove Emacs lines from all files

2016-02-10 13:41:57 +01:00

nspawn-stub-pid1.c

nspawn: make sure to send SIGTERM/SIGHUP to the main nspawn process if stubinit receives SIGRTMIN+3 (#6167 )

2017-06-22 22:20:09 -04:00

nspawn-stub-pid1.h

nspawn: flush out environment block of the -a stub init process

2016-12-14 18:29:30 +01:00

nspawn.c

nspawn: set up a new session keyring for the container process

2017-09-22 15:28:04 +02:00

test-patch-uid.c

nspawn: optionally fix up OS tree uid/gids for userns

2016-04-25 12:15:57 +02:00