mirror of
https://github.com/systemd/systemd
synced 2024-07-21 10:17:21 +00:00
TODO: mention the new Landlock LSM as a way to implement sandboxing for systemd --user
This commit is contained in:
parent
e91035abf0
commit
88511a3712
3
TODO
3
TODO
|
@ -858,6 +858,9 @@ Features:
|
||||||
on PID 1 with the relevant signals, and makes relevant files in /sys and
|
on PID 1 with the relevant signals, and makes relevant files in /sys and
|
||||||
/proc (such as the sysrq stuff) unavailable
|
/proc (such as the sysrq stuff) unavailable
|
||||||
|
|
||||||
|
* Support ReadWritePaths/ReadOnlyPaths/InaccessiblePaths in systemd --user instances
|
||||||
|
via the new unprivileged Landlock LSM (https://landlock.io)
|
||||||
|
|
||||||
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
|
* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
|
||||||
|
|
||||||
* journalctl: make sure -f ends when the container indicated by -M terminates
|
* journalctl: make sure -f ends when the container indicated by -M terminates
|
||||||
|
|
Loading…
Reference in a new issue