]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1ecdba1) | patch
execute: filter low-level I/O syscalls if PrivateDevices= is set
authorLennart Poettering <lennart@poettering.net>
Fri, 26 Aug 2016 14:39:04 +0000 (16:39 +0200)
committerDjalal Harouni <tixxdz@opendz.org>
Sun, 25 Sep 2016 08:52:57 +0000 (10:52 +0200)
commitba128bb809cc59ca60db65f0c09bd7f48876fa83
tree23f06555364d0088541890e3e185d8367a2b7577tree | snapshot
parent1ecdba149bab8346b611e2ccacfe66e58a7b863ccommit | diff
execute: filter low-level I/O syscalls if PrivateDevices= is set

If device access is restricted via PrivateDevices=, let's also block the
various low-level I/O syscalls at the same time, so that we know that the
minimal set of devices in our virtualized /dev are really everything the unit
can access.
src/core/execute.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.