Luca Boccassi 301e7cd047 man: specify that ProtectProc= does not work with root/cap_sys_ptrace
When using hidepid=invisible on procfs, the kernel will check if the
gid of the process trying to access /proc is the same as the gid of
the process that mounted the /proc instance, or if it has the ptrace
capability:

https://github.com/torvalds/linux/blob/v5.10/fs/proc/base.c#L723
https://github.com/torvalds/linux/blob/v5.10/fs/proc/root.c#L155

Given we set up the /proc instance as root for system services,
The same restriction applies to CAP_SYS_PTRACE, if a process runs with
it then hidepid=invisible has no effect.

ProtectProc effectively can only be used with User= or DynamicUser=yes,
without CAP_SYS_PTRACE.
Update the documentation to explicitly state these limitations.

Fixes #18997
2021-03-15 16:53:16 +00:00
.github ci: build an upstream version of systemd-nspawn 2021-02-26 17:06:25 +01:00
.lgtm/cpp-queries lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC] 2019-04-10 20:03:38 +02:00
.mkosi Move shared mkosi settings to a single file in mkosi.default.d/ 2021-01-06 12:10:58 +00:00
.semaphore ci: migrate to Semaphore CI 2.0 2021-01-15 20:18:29 +01:00
catalog license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
coccinelle coccinelle: ignore specific cases to use SYNTHETIC_ERRNO() macro 2020-11-27 14:35:20 +09:00
docs docs: more markup 2021-03-11 14:43:16 +01:00
factory/etc man: move 'files' module in NSS 'hosts:' line before myhostname 2020-08-17 18:55:59 +02:00
hwdb.d hwdb: update for v248 2021-03-08 14:27:48 +01:00
man man: specify that ProtectProc= does not work with root/cap_sys_ptrace 2021-03-15 16:53:16 +00:00
mkosi.default.d mkosi: Enable InstallDirectory and SourceFileTransferFinal options 2021-01-06 23:28:34 +00:00
modprobe.d license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
network network: use IPMasquerade=both instead of yes 2021-02-24 15:01:43 +01:00
po po: Translated using Weblate (Korean) 2021-03-09 14:14:33 +01:00
presets license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
rules.d udev: add default group for sgx enclave access 2021-03-10 23:05:48 +01:00
shell-completion udevadm-trigger: introduce --quiet option 2021-02-21 04:40:23 +09:00
src Merge pull request #18984 from poettering/event-test-timeout 2021-03-15 14:31:48 +00:00
sysctl.d sysctl.d: silence warning if net.core.default_qdisc cannot be set 2021-02-19 21:24:26 +01:00
sysusers.d udev: add default group for sgx enclave access 2021-03-10 23:05:48 +01:00
test test: fix permissions of the ASan udev workaround 2021-03-11 00:28:13 +09:00
tmpfiles.d udev: allow kvm group to access vhost-net device 2021-01-13 13:12:26 +04:00
tools hwdb: update for v248 2021-03-08 14:27:48 +01:00
units units: add Conditions for systemd-oomd.service 2021-02-23 02:09:21 -08:00
xorg scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.clang-format clang-format: set SpaceBeforeParens to ControlStatementsExceptForEachMacros 2020-11-16 16:57:51 +09:00
.ctags editors: Prevent ctags from following symlinks 2019-02-15 11:01:20 -08:00
.dir-locals.el scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.editorconfig editorconfig: add man configuration 2020-05-26 15:37:05 +02:00
.gitattributes udev: Extract RAM properties from DMI information 2020-12-16 18:32:29 +01:00
.gitignore Move shared mkosi settings to a single file in mkosi.default.d/ 2021-01-06 12:10:58 +00:00
.lgtm.yml lgtm: drop the TMPDIR/meson workaround 2020-03-03 20:27:42 +01:00
.mailmap NEWS: update contributors list for v246-pre 2020-07-23 17:30:54 +02:00
.packit.yml ci: revert back to --werror instead of -Dc_args=-Werror 2021-03-07 11:07:50 +01:00
.vimrc scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
configure tree-wide: add spdx header on all scripts and helpers 2021-01-28 09:55:35 +01:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile tree-wide: add spdx header on all scripts and helpers 2021-01-28 09:55:35 +01:00
meson_options.txt meson: take oomd out of the doghouse 2021-02-02 14:38:19 +01:00
meson.build missing_syscall: add epoll_pwait2() wrapper 2021-02-26 09:21:51 +01:00
mkosi.build meson: Fix update-man-rules when the build dir is not a subdir of the project dir 2021-01-24 17:33:49 +00:00
NEWS NEWS: update contributors list for v248-rc3 2021-03-11 15:07:26 +01:00
README README: add config_psi as requirement for systemd-oomd 2021-02-23 02:10:09 -08:00
README.md ci: point the Fossies badge to main 2021-01-21 20:08:44 +01:00
TODO update TODO 2021-03-10 22:38:28 +01:00

Systemd

System and Service Manager

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.