]> err.no Git - systemd/commit
projects / systemd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e056b01) | patch
main: add configuration option to alter capability bounding set for PID 1
authorLennart Poettering <lennart@poettering.net>
Thu, 24 May 2012 02:00:56 +0000 (04:00 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 24 May 2012 02:00:56 +0000 (04:00 +0200)
commitec8927ca5940e809f0b72f530582c76f1db4f065
treeb230d2458088a82b879afc39a2752d5fc674974etree | snapshot
parente056b01d8acea7fc06d52ef91d227d744faf5259commit | diff
main: add configuration option to alter capability bounding set for PID 1

This also ensures that caps dropped from the bounding set are also
dropped from the inheritable set, to be extra-secure. Usually that should
change very little though as the inheritable set is empty for all our uses
anyway.
12 files changed:
TODO diff | blob | history
man/systemd.conf.xml diff | blob | history
man/systemd.exec.xml diff | blob | history
src/core/execute.c diff | blob | history
src/core/load-fragment-gperf.gperf.m4 diff | blob | history
src/core/load-fragment.c diff | blob | history
src/core/load-fragment.h diff | blob | history
src/core/main.c diff | blob | history
src/core/system.conf diff | blob | history
src/nspawn/nspawn.c diff | blob | history
src/shared/capability.c diff | blob | history
src/shared/capability.h diff | blob | history
systemd, git://git.err.no/systemd