projects / systemd / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7f396e5) | patch
units: restrict namespace for a good number of our own services
authorLennart Poettering <lennart@poettering.net>
Thu, 9 Feb 2017 09:28:23 +0000 (10:28 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 9 Feb 2017 15:12:03 +0000 (16:12 +0100)
commit3c19d0b46bb05aef5dcaa2ce83c31b15ee8ae11b
treeb2219c2de686c483c19b857993ed5a1c9edac879tree | snapshot
parent7f396e5f66e91caf450890c34bc9e00b717aae86commit | diff
units: restrict namespace for a good number of our own services

Basically, we turn it on for most long-running services, with the
exception of machined (whose child processes need to join containers
here and there), and importd (which sandboxes tar in a CLONE_NEWNET
namespace). machined is left unrestricted, and importd is restricted to
use only "net"
units/systemd-hostnamed.service.in diff | blob | history
units/systemd-importd.service.in diff | blob | history
units/systemd-journal-gatewayd.service.in diff | blob | history
units/systemd-journal-remote.service.in diff | blob | history
units/systemd-journal-upload.service.in diff | blob | history
units/systemd-journald.service.in diff | blob | history
units/systemd-localed.service.in diff | blob | history
units/systemd-logind.service.in diff | blob | history
units/systemd-timedated.service.in diff | blob | history
units/systemd-timesyncd.service.in diff | blob | history
https://github.com/systemd/systemd.git