mirror of
https://github.com/systemd/systemd
synced 2024-10-06 16:21:34 +00:00
96bedbe2e5
Let's lock things down a bit, and maintain a list of what's permitted rather than a list of what's prohibited in nspawn (also to make things a bit more like Docker and friends).

Note that this slightly alters the effect of --system-call-filter=, as the negative list now takes precedence over the positive list. However, given that the option is just a few days old and not included in any released version it should be fine to change it at this point in time.

Note that the whitelist is a good chunk more restrictive than the previous blacklist. Specifically:

- fanotify is not permitted (given the buffer size issues it's problematic in containers)
- nfsservctl is not permitted (NFS server support is not virtualized)
- pkey_xyz stuff is not permitted (really new stuff I don't grok)
- @cpu-emulation is prohibited (untested legacy stuff mostly, and if people really want to run dosemu in nspawn, they should use --system-call-filter=@cpu-emulation and all should be good)

||
---|---|---|
.github | ||
.mkosi | ||
catalog | ||
coccinelle | ||
docs | ||
factory/etc | ||
hwdb | ||
man | ||
modprobe.d | ||
network | ||
po | ||
rules | ||
shell-completion | ||
src | ||
sysctl.d | ||
system-preset | ||
sysusers.d | ||
test | ||
tmpfiles.d | ||
tools | ||
units | ||
xorg | ||
.dir-locals.el | ||
.editorconfig | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
.travis.yml | ||
.vimrc | ||
.ycm_extra_conf.py | ||
CODING_STYLE | ||
configure | ||
DISTRO_PORTING | ||
ENVIRONMENT.md | ||
HACKING | ||
LICENSE.GPL2 | ||
LICENSE.LGPL2.1 | ||
Makefile | ||
meson.build | ||
meson_options.txt | ||
mkosi.build | ||
mkosi.default | ||
NEWS | ||
README | ||
README.md | ||
TODO |
systemd - System and Service Manager
Details
General information about systemd can be found in the systemd Wiki.
Information about build requirements is provided in the README file.
Consult our NEWS file for information about what's new in the most recent systemd versions.
Please see the HACKING file for information about how to hack on systemd and test your modifications.
Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.
When preparing patches for systemd, please follow our Coding Style Guidelines.
If you are looking for support, please contact our mailing list or join our IRC channel.