Lennart Poettering 8aee931e7a nsresourced: add new daemon for granting clients user namespaces and assigning resources to them
This adds a small, socket-activated Varlink daemon that can delegate UID
ranges for user namespaces to clients asking for it.

The primary call is AllocateUserRange() where the user passes in an
uninitialized userns fd, which is then set up.

There are other calls that allow assigning a mount fd to a userns
allocated that way, to set up permissions for a cgroup subtree, and to
allocate a veth for such a user namespace.

Since the UID assignments are supposed to be transitive, i.e. not
permanent, care is taken to ensure that users cannot create inodes owned
by these UIDs, so that persistency cannot be acquired. This is
implemented via a BPF-LSM module that ensures that any member of a
userns allocated that way cannot create files unless the mount it
operates on is owned by the userns itself, or is explicitly
allowlisted.

BPF LSM program with contributions from Alexei Starovoitov.
2024-04-06 16:08:24 +02:00
.clusterfuzzlite ci: unpin CFLite 2022-04-26 09:13:57 +00:00
.github ci: fix commit SHA for stefanbuck/github-issue-parser 2024-04-02 17:19:16 +01:00
.semaphore semaphore: remove workaround for adduser 2024-03-11 11:15:12 +00:00
catalog catalog: update Polish translation 2024-03-12 11:37:17 +01:00
coccinelle cocci: merge mfree.cocci and mfree_return.cocci (#30838) 2024-01-09 12:24:37 +09:00
docs docs: notify example was moved to sd_notify manpage 2024-04-02 22:24:38 +01:00
factory man: don't suggest using pam_unix.so's use_authtok switch 2024-01-17 23:59:05 +00:00
hwdb.d hwdb: fix missing colon (#32108) 2024-04-05 10:18:59 +09:00
LICENSES LICENSES/README.md: fix syntax 2023-07-08 22:33:53 +00:00
man nsresourced: add new daemon for granting clients user namespaces and assigning resources to them 2024-04-06 16:08:24 +02:00
mime creds-util: add a concept of "user-scoped" credentials 2024-01-30 17:07:47 +01:00
mkosi.conf.d Build distribution packages in mkosi 2024-03-07 10:47:19 +01:00
mkosi.images/system libkmod: turn into dlopen() dependency 2024-04-04 18:16:45 +02:00
modprobe.d modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0 2024-01-12 23:24:54 +00:00
network nsresourced: add new daemon for granting clients user namespaces and assigning resources to them 2024-04-06 16:08:24 +02:00
pkg build(deps): bump pkg/debian from 44fe1d4 to e780b50 2024-04-02 11:37:01 +02:00
po po: Translated using Weblate (French) 2024-03-24 16:55:33 +01:00
presets nsresourced: add new daemon for granting clients user namespaces and assigning resources to them 2024-04-06 16:08:24 +02:00
rules.d 99-systemd.rules: rework SYSTEMD_READY logic for device mapper 2024-04-03 12:48:14 +01:00
shell-completion Update _udevadm 2024-03-16 21:51:56 +09:00
src nsresourced: add new daemon for granting clients user namespaces and assigning resources to them 2024-04-06 16:08:24 +02:00
sysctl.d sysctl.d: Fix pid_max comment 2023-10-31 13:07:49 +01:00
sysusers.d Revert "sysusers.d: create the user for systemd-journal-upload.service" 2023-12-04 19:44:10 +01:00
test Merge pull request #31131 from poettering/dlopen-kmod 2024-04-06 13:19:27 +01:00
tmpfiles.d ssh-generator: create privsep dir via tmpfiles.d/ if we are told to 2024-04-04 01:01:10 +09:00
tools git-contrib: use 'git shortlog' command 2024-04-03 10:07:54 +09:00
units nsresourced: add new daemon for granting clients user namespaces and assigning resources to them 2024-04-06 16:08:24 +02:00
xorg xorg/50-systemd-user: add a full license header 2021-10-01 14:45:00 +02:00
.clang-format Improve the formatting by adding AlignArrayOfStructures and setting it to Right(right justify) 2024-03-06 15:24:23 +01:00
.ctags editors: Prevent ctags from following symlinks 2019-02-15 11:01:20 -08:00
.dir-locals.el scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.editorconfig editorconfig: add NEWS whitespace configuration 2023-10-26 22:41:03 +01:00
.gitattributes Mark all base64 files as generated 2023-08-16 12:49:45 +02:00
.gitignore Update to mkosi v19 2023-11-28 19:54:58 +01:00
.gitmodules Use .git suffix for all submodule urls 2024-03-25 13:27:12 +00:00
.mailmap mailmap: "reduce contributor count by 13" 2023-08-16 12:49:42 +02:00
.packit.yml Revert "packit: temporarily build systemd without BPF stuff" 2024-02-11 16:45:03 +01:00
.pylintrc Add .pylintrc to globally suppress warnings we don't really care about 2023-08-10 18:13:29 +02:00
.vimrc vimrc: explicitly set shiftwidth for the C file type 2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
meson.build nsresourced: add new daemon for granting clients user namespaces and assigning resources to them 2024-04-06 16:08:24 +02:00
meson.version meson: Start adding devel and rc suffixes to the project version 2024-02-14 15:36:34 +01:00
meson_options.txt nsresourced: add new daemon for granting clients user namespaces and assigning resources to them 2024-04-06 16:08:24 +02:00
mkosi.conf mkosi: Switch to linux-virtual on Ubuntu 2024-03-29 15:58:13 +01:00
NEWS ssh-generator: create privsep dir via tmpfiles.d/ if we are told to 2024-04-04 01:01:10 +09:00
README README: mention fq_codel 2024-02-22 19:14:31 +00:00
README.md Revert "docs: use collections to structure the data" 2024-02-23 09:48:47 +01:00
TODO update TODO 2024-04-04 18:16:45 +02:00

Systemd

System and Service Manager


Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat, or join our Matrix channel.

Stable branches with backported patches are available in the stable repo.