]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/core/dbus-execute.c
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 54d564a) | patch
seccomp: LockPersonality boolean (#6193)
authorTopi Miettinen <toiwoton@gmail.com>
Tue, 4 Jul 2017 12:48:18 +0000 (15:48 +0300)
committerLennart Poettering <lennart@poettering.net>
Tue, 29 Aug 2017 13:54:50 +0000 (15:54 +0200)
commit78e864e5b3cc11b72ae663f49f42f158cafbfedf
tree85d0a246d06126e77b1a13c9c80ee99111f53c9ctree | snapshot
parent54d564a2122acb364a2e3dc1c1562386b9ce3080commit | diff
seccomp: LockPersonality boolean (#6193)

Add LockPersonality boolean to allow locking down personality(2)
system call so that the execution domain can't be changed.
This may be useful to improve security because odd emulations
may be poorly tested and source of vulnerabilities, while
system services shouldn't need any weird personalities.
man/systemd.exec.xml diff | blob | blame | history
src/core/dbus-execute.c diff | blob | blame | history
src/core/execute.c diff | blob | blame | history
src/core/execute.h diff | blob | blame | history
src/core/load-fragment-gperf.gperf.m4 diff | blob | blame | history
src/shared/seccomp-util.c diff | blob | blame | history
src/shared/seccomp-util.h diff | blob | blame | history
src/test/test-seccomp.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.