path: root/units/systemd-machined.service.in
Commit message | Author | Age
* machined: move logic for bind mounting into containers from machinectl to machined | Lennart Poettering | 2015-02-17
  This extends the bus interface, adding BindMountMachine() for bind mounting directories from the host into the container.
* Revert "units: add SecureBits" | Lennart Poettering | 2015-02-11
  This reverts commit 6a716208b346b742053cfd01e76f76fb27c4ea47. Apparently this doesn't work. http://lists.freedesktop.org/archives/systemd-devel/2015-February/028212.html
* units: add SecureBits | Topi Miettinen | 2015-02-11
  No setuid programs are expected to be executed, so add SecureBits=noroot noroot-locked to unit files.
* machined/machinectl: add logic to show list of available images | Lennart Poettering | 2014-12-19
  This adds a new bus call to machined that enumerates /var/lib/container and returns all trees stored in it, distinguishing three types:
  - GPT disk images, which are files suffixed with ".gpt"
  - directory trees
  - btrfs subvolumes
* machinectl: show /etc/os-release information of container in status output | Lennart Poettering | 2014-07-03
* units: add missing caps so that GetAddresses() can work | Lennart Poettering | 2014-06-19
* units: fix minor typo | Lennart Poettering | 2014-06-06
* core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mounting /etc read-only | Lennart Poettering | 2014-06-04
  Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
* core: add new ReadOnlySystem= and ProtectedHome= settings for service units | Lennart Poettering | 2014-06-03
  ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be a good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
* core: enable PrivateNetwork= for a number of our long running services where this is useful | Lennart Poettering | 2014-03-19
* units: make use of PrivateTmp=yes and PrivateDevices=yes for all our long-running daemons | Lennart Poettering | 2014-03-19
* units: systemd-machined now exits on idle and we shouldn't try to restart it then | Lennart Poettering | 2013-12-23
* event: hook up sd-event with the service watchdog logic | Lennart Poettering | 2013-12-11
  Adds a new call sd_event_set_watchdog() that can be used to hook up the event loop with the watchdog supervision logic of systemd. If enabled and $WATCHDOG_USEC is set the event loop will ping the invoking systemd daemon right after coming back from epoll_wait() but not more often than $WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than $WATCHDOG_USEC/4*3, to make sure the service manager is called in time. This means that setting WatchdogSec= in a .service file and calling sd_event_set_watchdog() in your daemon is enough to hook it up with the watchdog logic.
* machined: run machined at minimal capabilities | Lennart Poettering | 2013-07-19
* units: add references to bus API documentation to logind+machined | Lennart Poettering | 2013-07-19
* machined: split out machine registration stuff from logind | Lennart Poettering | 2013-07-02
  Embedded folks don't need the machine registration stuff, hence it's nice to make this optional. Also, I'd expect that machinectl will grow additional commands quickly, for example to join existing containers and suchlike, hence it's better keeping that separate from loginctl.