Topi Miettinen 3bb48b19bd core: add user and group to NFTSet=
The benefit of using this setting is that user and group IDs, especially dynamic and random
IDs used by DynamicUser=, can be used in firewall configuration easily.

Example:

```
[Service]
NFTSet=user:inet:filter:serviceuser
```

Corresponding NFT rules:

```
table inet filter {
        set serviceuser {
                typeof meta skuid
        }
        chain service_output {
                meta skuid @serviceuser accept
                drop
        }
}
```

```
$ cat /etc/systemd/system/dunft.service
[Service]
DynamicUser=yes
NFTSet=user:inet:filter:serviceuser
ExecStart=/bin/sleep 1000

[Install]
WantedBy=multi-user.target
$ sudo nft list set inet filter serviceuser
table inet filter {
        set serviceuser {
                typeof meta skuid
                elements = { 64864 }
        }
}
$ ps -n --format user,group,pid,command -p `systemctl show dunft.service -P MainPID`
    USER    GROUP     PID COMMAND
   64864    64864   55158 /bin/sleep 1000
```
2023-09-27 18:10:11 +00:00
.clusterfuzzlite ci: unpin CFLite 2022-04-26 09:13:57 +00:00
.github mkosi: Bump Fedora CI to Fedora 39 2023-09-19 11:47:41 +02:00
.semaphore test: use 'until' instead of 'while !' 2023-09-06 19:54:29 +01:00
catalog systemd.catalog: freezed -> froze 2023-09-05 12:57:28 +08:00
coccinelle tree-wide: use cocinnelle to apply _NEG_ macros 2023-08-16 12:52:56 +02:00
docs pcrphase: rename binary to pcrextend 2023-09-25 17:17:20 +02:00
factory docs: excorcise NIS from nsswitch.conf 2023-09-20 15:17:52 +02:00
hwdb.d add support for hp pavilion gaming 15 lid switch (#29304) 2023-09-26 13:32:03 +01:00
LICENSES LICENSES/README.md: fix syntax 2023-07-08 22:33:53 +00:00
man core: add user and group to NFTSet= 2023-09-27 18:10:11 +00:00
mkosi.conf.d mkosi: Conditionally use tools tree 2023-09-09 15:53:26 +02:00
mkosi.presets mkosi: Run meson and ninja as the user invoking mkosi 2023-09-25 11:06:15 +01:00
modprobe.d meson: install the right README file in modprobe.d 2021-07-07 14:52:05 +02:00
network meson: use install_emptydir() and drop meson-make-symlink.sh 2023-08-08 22:11:34 +01:00
po po: Translated using Weblate (Hungarian) 2023-09-27 07:56:54 +00:00
presets preset: enable systemd-networkd-wait-online.service by default 2023-06-07 21:51:37 +01:00
rules.d 99-systemd.rules.in: tag PTP devices with systemd 2023-08-28 10:42:27 +01:00
shell-completion bash-completion: add missing commands and options to systemd-dissect 2023-09-25 16:46:11 +02:00
src core: add user and group to NFTSet= 2023-09-27 18:10:11 +00:00
sysctl.d meson: use install_emptydir() and drop meson-make-symlink.sh 2023-08-08 22:11:34 +01:00
sysusers.d sysusers.d: create the user for systemd-journal-upload.service 2023-06-19 23:42:00 +02:00
test Merge pull request #29296 from yuwata/sd-journal-several-cleanups-for-boot-id 2023-09-27 14:56:48 +02:00
tmpfiles.d Revert "Revert "tmpfiles.d: adjust /dev/vfio/vfio access mode"" 2023-08-09 11:27:39 +09:00
tools update-dbus-docs: Test that items are documented in the History section 2023-09-26 19:11:53 +01:00
units Merge pull request #29345 from poettering/measured-uki-condition 2023-09-27 16:39:46 +02:00
xorg xorg/50-systemd-user: add a full license header 2021-10-01 14:45:00 +02:00
.clang-format clang-format: Adjust style of pointers 2022-05-30 04:00:54 +09:00
.ctags editors: Prevent ctags from following symlinks 2019-02-15 11:01:20 -08:00
.dir-locals.el scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.editorconfig mkosi: Use 4 space indentation for scripts 2023-02-21 14:22:52 +01:00
.gitattributes Mark all base64 files as generated 2023-08-16 12:49:45 +02:00
.gitignore Add mkosi.conf to gitignore 2023-09-22 08:14:10 +02:00
.mailmap mailmap: "reduce contributor count by 13" 2023-08-16 12:49:42 +02:00
.packit.yml Revert "ci: temporarily disable Packit's i386" 2023-09-17 22:18:49 +02:00
.pylintrc Add .pylintrc to globally suppress warnings we don't really care about 2023-08-10 18:13:29 +02:00
.vimrc vimrc: explicitly set shiftwidth for the C file type 2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
configure configure: update meson invocation 2023-07-29 14:08:06 +02:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile tree-wide: add spdx header on all scripts and helpers 2021-01-28 09:55:35 +01:00
meson_options.txt meson: Drop skip-deps option 2023-08-23 14:57:49 +02:00
meson.build Merge pull request #29296 from keszybz/make-cryptsetup-offical-and-add-docs 2023-09-27 13:31:11 +01:00
mkosi.kernel.config mkosi: Don't disable CONFIG_USB 2023-09-06 12:58:30 +02:00
NEWS fix typo in NEWS 2023-09-27 17:24:39 +09:00
README docs: excorcise NIS from nsswitch.conf 2023-09-20 15:17:52 +02:00
README.md Update badge on README to refer new scorecard viewer (#28050) 2023-06-15 19:24:32 +01:00
TODO update TODO 2023-09-27 19:08:56 +02:00

Systemd

System and Service Manager

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.