dasharo/systemd - systemd - ProxGit

dasharo/systemd

mirror of https://github.com/Dasharo/systemd.git synced 2026-03-06 15:02:31 -08:00

Go to file

Topi Miettinen ddc155b2fd New directives NoExecPaths= ExecPaths=

Implement directives `NoExecPaths=` and `ExecPaths=` to control `MS_NOEXEC`
mount flag for the file system tree. This can be used to implement file system
W^X policies, and for example with allow-listing mode (NoExecPaths=/) a
compromised service would not be able to execute a shell, if that was not
explicitly allowed.

Example:
[Service]
NoExecPaths=/
ExecPaths=/usr/bin/daemon /usr/lib64 /usr/lib

Closes: #17942.

2021-01-29 12:40:52 +00:00

ci: use the recommended meson syntax

2021-01-25 16:01:56 +01:00

.lgtm/cpp-queries

lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC]

2019-04-10 20:03:38 +02:00

Move shared mkosi settings to a single file in mkosi.default.d/

2021-01-06 12:10:58 +00:00

ci: migrate to Semaphore CI 2.0

2021-01-15 20:18:29 +01:00

license: LGPL-2.1+ -> LGPL-2.1-or-later

2020-11-09 13:23:58 +09:00

coccinelle: ignore specific cases to use SYNTHETIC_ERRNO() macro

2020-11-27 14:35:20 +09:00

docs: expose GVARIANT-SERIALIZATION as markdown

2021-01-28 09:55:35 +01:00

man: move 'files' module in NSS 'hosts:' line before myhostname

2020-08-17 18:55:59 +02:00

meson: rename target to update-hwdb-autosuspend

2021-01-27 09:24:30 +01:00

New directives NoExecPaths= ExecPaths=

2021-01-29 12:40:52 +00:00

mkosi.default.d

mkosi: Enable InstallDirectory and SourceFileTransferFinal options

2021-01-06 23:28:34 +00:00

license: LGPL-2.1+ -> LGPL-2.1-or-later

2020-11-09 13:23:58 +09:00

networkd: Enable IPv6SendRA on builtin network files

2021-01-06 20:00:49 +01:00

po: specify LGPL-2.1+ for all translation files

2021-01-28 09:55:36 +01:00

license: LGPL-2.1+ -> LGPL-2.1-or-later

2020-11-09 13:23:58 +09:00

udev: allow kvm group to access vhost-net device

2021-01-13 13:12:26 +04:00

shell-completion

systemctl: add new option to mount image inside a running service namespace

2021-01-21 19:08:40 +00:00

New directives NoExecPaths= ExecPaths=

2021-01-29 12:40:52 +00:00

sysctl.d: shorten comment

2021-01-15 10:33:29 +01:00

license: LGPL-2.1+ -> LGPL-2.1-or-later

2020-11-09 13:23:58 +09:00

New directives NoExecPaths= ExecPaths=

2021-01-29 12:40:52 +00:00

udev: allow kvm group to access vhost-net device

2021-01-13 13:12:26 +04:00

tools: rename helper to match target name

2021-01-28 09:55:35 +01:00

tree-wide: add spdx header on all scripts and helpers

2021-01-28 09:55:35 +01:00

scripts: use 4 space indentation

2019-04-12 08:30:31 +02:00

.clang-format

clang-format: set SpaceBeforeParens to ControlStatementsExceptForEachMacros

2020-11-16 16:57:51 +09:00

.ctags

editors: Prevent ctags from following symlinks

2019-02-15 11:01:20 -08:00

.dir-locals.el

scripts: use 4 space indentation

2019-04-12 08:30:31 +02:00

.editorconfig

editorconfig: add man configuration

2020-05-26 15:37:05 +02:00

.gitattributes

udev: Extract RAM properties from DMI information

2020-12-16 18:32:29 +01:00

.gitignore

Move shared mkosi settings to a single file in mkosi.default.d/

2021-01-06 12:10:58 +00:00

.lgtm.yml

lgtm: drop the TMPDIR/meson workaround

2020-03-03 20:27:42 +01:00

.mailmap

NEWS: update contributors list for v246-pre

2020-07-23 17:30:54 +02:00

.packit.yml

ci: build the Fedora RPMs with -Werror

2021-01-29 11:02:54 +09:00

.vimrc

scripts: use 4 space indentation

2019-04-12 08:30:31 +02:00

.ycm_extra_conf.py

ycm: add doc string for all the functions in configuration file

2017-11-29 13:21:49 -07:00

configure

tree-wide: add spdx header on all scripts and helpers

2021-01-28 09:55:35 +01:00

LICENSE.GPL2

relicense to LGPLv2.1 (with exceptions)

2012-04-12 00:24:39 +02:00

LICENSE.LGPL2.1

licence: remove references to old FSF address

2012-12-17 11:41:31 +01:00

Makefile

tree-wide: add spdx header on all scripts and helpers

2021-01-28 09:55:35 +01:00

meson_options.txt

sysext: new tool for managing "system extensions" for /usr/ + /opt/

2021-01-19 13:41:42 +01:00

meson.build

tools: rename helper to match target name

2021-01-28 09:55:35 +01:00

mkosi.build

meson: Fix update-man-rules when the build dir is not a subdir of the project dir

2021-01-24 17:33:49 +00:00

NEWS

MountAPIVFS: always mount a tmpfs on /run

2021-01-18 17:24:05 +00:00

README

docs: mesonconf is not a valid command, meson configure is

2021-01-12 14:17:48 +09:00

README.md

ci: point the Fossies badge to main

2021-01-21 20:08:44 +01:00

TODO

update TODO

2021-01-19 13:41:42 +01:00

zanata.xml

po: add basic fedora.zanata.org configuration

2018-02-19 13:56:57 +01:00

README.md

System and Service Manager

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.