systemd - systemd

	Commit message (Collapse)	Author	Age	Files	Lines
*	portable: set PrivateTmp=yes in trusted profile too	Luca Boccassi	2022-07-27	1	-1/+2
\| \| \| \| \| \| \| \|	When running on images you don't want to modify the /tmp directory even if it's writable, and often it will just be read-only. Set PrivateTmp=yes. Fixes https://github.com/systemd/systemd/issues/23592
*	portabled: add BindPaths=/run back into "trusted" policy	Lennart Poettering	2021-01-21	1	-0/+1
\| \| \| \| \| \| \| \| \| \|	This partly reverts fe239c7d7d6227209234100f4e0a36dd952a5587, where I accidentally dropped only line for /run that was unlike the others. Oops. @bluca, thanks for noticing: https://github.com/systemd/systemd/pull/18329#pullrequestreview-573343549
*	portabled: update profiles to current semantics	Lennart Poettering	2021-01-20	4	-7/+0
\| \| \| \| \| \| \| \|	MountAPIVFS= implicitly mounts /run as tmpfs now, no need to do this explicitly. The notification socket is now implicitly mounted too, if NotifyAccess= and RootImage=/RootDirectory= are used together.
*	portable: add SystemCallFilter=@system-service to the three main portable ↵	Lennart Poettering	2018-06-14	3	-0/+6
\| \| \| \| \| \| \|	service profiles … but leave the "trusted" profile unmodified, it shall have full access to all system calls, as before.
*	add new portable service framework	Lennart Poettering	2018-05-24	4	-0/+96
	This adds a small service "systemd-portabled" and a matching client "portablectl", which implement the "portable service" concept. The daemon implements the actual operations, is PolicyKit-enabled and is activated on demand with exit-on-idle. Both the daemon and the client are an optional build artifact, enabled by default rhough.