Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1

System Internals / systemd - Evgeny Vereshchagin [ya.ru] - 27 September 2016 20:50 UTC

cc23859 Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1

Makefile.am | 6 +
NEWS | 14 +
TODO | 38 +-
man/systemd.exec.xml | 346 ++++++------
src/basic/fs-util.c | 187 +++++++
src/basic/fs-util.h | 2 +
src/basic/mount-util.c | 71 ++-
src/basic/mount-util.h | 2 +-
src/basic/user-util.c | 32 +-
src/basic/user-util.h | 1 +
src/core/dbus-execute.c | 9 +-
src/core/execute.c | 392 ++++++++++---
src/core/execute.h | 2 +
src/core/load-fragment-gperf.gperf.m4 | 2 +
src/core/main.c | 6 +-
src/core/namespace.c | 586 ++++++++++++++++----
src/core/namespace.h | 3 +
src/core/unit.c | 6 +
src/nspawn/nspawn-mount.c | 34 +-
src/nspawn/nspawn.c | 2 +-
src/run/run.c | 18 +-
src/shared/bus-unit-util.c | 2 +-
src/test/test-execute.c | 26 +
src/test/test-fs-util.c | 96 +++-
src/test/test-ns.c | 14 +-
...xec-inaccessiblepaths-mount-propagation.service | 7 +
...exec-privatedevices-no-capability-mknod.service | 7 +
...xec-privatedevices-yes-capability-mknod.service | 7 +
.../exec-readonlypaths-mount-propagation.service | 7 +
test/test-execute/exec-readonlypaths.service | 7 +
.../exec-readwritepaths-mount-propagation.service | 7 +
units/systemd-hostnamed.service.in | 6 +-
units/systemd-importd.service.in | 8 +-
units/systemd-journal-gatewayd.service.in | 5 +
units/systemd-journal-remote.service.in | 13 +-
units/systemd-journal-upload.service.in | 12 +-
units/systemd-journald.service.in | 4 +-
units/systemd-localed.service.in | 6 +-
units/systemd-logind.service.in | 4 +-
units/systemd-machined.service.in | 4 +-
units/systemd-networkd.service.m4.in | 5 +-
units/systemd-resolved.service.m4.in | 8 +-
units/systemd-timedated.service.in | 6 +-
units/systemd-timesyncd.service.in | 6 +-
units/systemd-udevd.service.in | 5 +-
45 files changed, 1556 insertions(+), 475 deletions(-)

Upstream: github.com

