summaryrefslogtreecommitdiffstats
path: root/src/core/namespace.h (follow)
Commit message (Expand)AuthorAgeFilesLines
* core: Introduce PrivatePIDs=Daan De Meyer2024-11-051-0/+11
* core: add id-mapped mount support for Exec directoriesAndres Beltran2024-11-011-0/+3
* cgroup: Add support for ProtectControlGroups= private and strictRyan Wilson2024-10-281-0/+2
* core: Refactor ProtectControlGroups= to use enum vs boolRyan Wilson2024-10-281-1/+11
* core/execute: Rename error_path -> reterr_path/ret_path per coding guidelinesRyan Wilson2024-10-271-1/+1
* core: drop implicit support of PrivateTmp=offYu Watanabe2024-10-091-1/+1
* core: drop implicit support of PrivateUsers=offYu Watanabe2024-10-081-1/+1
* core: Add support for PrivateUsers=identityDaan De Meyer2024-09-091-0/+11
* core: rename BindJournalSockets= to BindLogSockets=Mike Yuan2024-09-041-1/+1
* core/namespace: make bind mounted journal sockets nosuid + noexec + nodevMike Yuan2024-09-041-0/+2
* core: introduce BindJournalSockets=Mike Yuan2024-09-031-0/+1
* core: do not imply PrivateTmp with DynamicUser, create a private tmpfs insteadLuca Boccassi2024-06-171-1/+13
* namespace: make setup_namespace() less crazyLennart Poettering2023-10-111-56/+72
* core: Use a subdirectory of /run/ for PrivateDevices=Daan De Meyer2023-10-021-0/+2
* Revert "core: do not leak mount for credentials directory if mount namespace ...Yu Watanabe2023-09-061-1/+0
* core: do not leak mount for credentials directory if mount namespace is enabledYu Watanabe2023-08-221-0/+1
* core: stage /run/host/os-release with a symlink to avoid possible race conditionLuca Boccassi2023-08-161-2/+2
* core: copy the host's os-release for /run/host/os-releaseLuca Boccassi2023-07-181-0/+1
* namespace: Load sidecar verity settings in apply_mount_namespace()Daan De Meyer2023-06-201-7/+1
* tree-wide: hook up image dissection policy logic everywhereLennart Poettering2023-04-051-0/+3
* core: rename "mount_flags" → "mount_propagation_flag" internally where appr...Lennart Poettering2023-03-141-1/+1
* namespace: Modernize shareable namespace functionsDaan De Meyer2023-03-131-2/+2
* core/namespace: mount new sysfs when new network namespace is requestedYu Watanabe2023-02-231-0/+1
* core/namespace: drop unused field in NamespaceInfoYu Watanabe2023-02-231-1/+0
* namespace-util: add namespace_infoChristian Brauner2022-10-041-12/+1
* core: support ExtensionDirectories in user managerLuca Boccassi2022-03-101-0/+1
* core: add ExtensionDirectories= settingLuca Boccassi2022-01-211-0/+1
* core: make DynamicUser=1 and StateDirectory= work with TemporaryFileSystem=/v...Luca Boccassi2021-10-271-0/+1
* Revert "Revert "Mount all fs nosuid when NoNewPrivileges=yes""Yu Watanabe2021-06-251-0/+1
* Revert "Mount all fs nosuid when NoNewPrivileges=yes"Topi Miettinen2021-06-141-1/+0
* Mount all fs nosuid when NoNewPrivileges=yesTopi Miettinen2021-05-261-0/+1
* execute: drop DissectImageFlags parameter from namespace_setup()Lennart Poettering2021-03-161-1/+0
* Remount /dev/mqueue in unshared mount namespace for PrivateIPCXℹ Ruoyao2021-03-031-0/+1
* Refactor network namespace specific functions in generic helpersXℹ Ruoyao2021-03-031-2/+2
* Add ExtensionImages directive to form overlaysLuca Boccassi2021-02-231-1/+11
* tree-wide: return NULL from freeing functionsZbigniew Jędrzejewski-Szmek2021-02-161-2/+2
* tree-wide: use -EINVAL for enum invalid valuesZbigniew Jędrzejewski-Szmek2021-02-101-5/+5
* New directives NoExecPaths= ExecPaths=Topi Miettinen2021-01-291-0/+2
* core: make NotifyAccess= in combination with RootDirectory=/RootImage= workLennart Poettering2021-01-201-0/+1
* core: add DBUS method to bind mount new nodes without service restartLuca Boccassi2021-01-181-0/+2
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
* core/namespace: drop bitfield annotations from boolean fieldsZbigniew Jędrzejewski-Szmek2020-09-221-13/+13
* core: hide /run/credentials whenever namespacing is requestedLennart Poettering2020-08-251-0/+1
* core: introduce ProtectProc= and ProcSubset= to expose hidepid= and subset= p...Lennart Poettering2020-08-241-0/+24
* namespace: move protect_{home|system} into NamespaceInfoLennart Poettering2020-08-241-2/+2
* core: add mount options support for MountImagesLuca Boccassi2020-08-201-0/+1
* core: cleanup unused variablesLuca Boccassi2020-08-201-1/+0
* core: new feature MountImagesLuca Boccassi2020-08-051-0/+13
* service: add new RootImageOptions featureLuca Boccassi2020-07-291-0/+1
* pid1: create ro private tmp dirs when /tmp or /var/tmp is read-onlyZbigniew Jędrzejewski-Szmek2020-07-141-0/+12