Luca Boccassi edd3d4d7c2 nspawn: ensure single-process container running as --user can access credentials
When starting a container with --user, the new uid will be resolved and switched to
only in the inner child, at the end of the setup, by spawning getent. But the
credentials are set up in the outer child, long before the user is resolvable,
and the directories/files are made only readable by root and read-only, which
means they cannot be changed later and made visible to the user.

When this particular combination is specified, it is obvious the caller wants
the single-process container to be able to use credentials, so make them world
readable only in that specific case.

Fixes https://github.com/systemd/systemd/issues/31794
2024-04-22 15:47:44 +02:00
.clusterfuzzlite
.github mkosi: Update to latest 2024-04-22 09:08:16 +02:00
.semaphore
catalog
coccinelle introduce FOREACH_ELEMENT 2024-04-18 17:39:34 +02:00
docs vmspawn: add env var that can extend the qemu cmdline 2024-04-20 12:10:42 +02:00
factory
hwdb.d
LICENSES
man nspawn: ensure single-process container running as --user can access credentials 2024-04-22 15:47:44 +02:00
mime
mkosi.conf.d
mkosi.images/system mkosi: Explicitly disable fortify for debian/ubuntu 2024-04-22 10:49:32 +02:00
modprobe.d
network
pkg build(deps): bump pkg/arch from ccc32ea to 124b1da 2024-04-22 12:02:16 +02:00
po po: Translated using Weblate (Slovenian) 2024-04-22 14:38:39 +02:00
presets
rules.d
shell-completion Merge pull request #32144 from bluca/portable_clean 2024-04-18 18:15:20 +02:00
src nspawn: ensure single-process container running as --user can access credentials 2024-04-22 15:47:44 +02:00
sysctl.d
sysusers.d
test nspawn: ensure single-process container running as --user can access credentials 2024-04-22 15:47:44 +02:00
tmpfiles.d
tools
units
xorg
.clang-format
.ctags
.dir-locals.el
.editorconfig
.gitattributes
.gitignore
.gitmodules
.mailmap
.packit.yml
.pylintrc
.vimrc
.ycm_extra_conf.py
LICENSE.GPL2
LICENSE.LGPL2.1
meson.build test: Add mkosi-based integration test runner 2024-04-18 16:26:38 +01:00
meson.version
meson_options.txt test: Add mkosi-based integration test runner 2024-04-18 16:26:38 +01:00
mkosi.conf mkosi: Build command line into the image 2024-04-19 15:05:19 +02:00
NEWS NEWS: mention ExecMainHandoverTimestamp 2024-04-22 14:26:24 +01:00
README
README.md
TODO update TODO 2024-04-20 12:10:42 +02:00

Systemd

System and Service Manager

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, or join our IRC channel #systemd on libera.chat or our Matrix channel.

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program, sponsored by the Sovereign Tech Fund and hosted on YesWeHack.