]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 641714c) | patch
core: Fix time namespace in RestrictNamespaces=
authorRyan Wilson <ryantimwilson@meta4.com>
Mon, 2 Dec 2024 23:38:46 +0000 (15:38 -0800)
committerMike Yuan <me@yhndnzj.com>
Tue, 10 Dec 2024 19:55:26 +0000 (20:55 +0100)
commit219a6dbbf3ad0121ec43118d4fcdb7b375532cbe
tree411c9ff8c67e3ca8119803504e63e3130999b112tree | snapshot
parent641714cb30e4834c4bfeb59c3def5161f16fddc9commit | diff
core: Fix time namespace in RestrictNamespaces=

RestrictNamespaces= would accept "time" but would not actually apply
seccomp filters e.g. systemd-run -p RestrictNamespaces=time unshare -T true
should fail but it succeeded.

This commit actually enables time namespace seccomp filtering.
man/systemd.exec.xml diff | blob | blame | history
src/shared/nsflags.h diff | blob | blame | history
src/test/test-seccomp.c diff | blob | blame | history
test/units/TEST-07-PID1.exec-context.sh diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.