systemd/units
Lennart Poettering 5cb02182fd units: set nodev,nosuid,noexec flags for various secondary API VFS
A couple of API VFS we mount via .mount units. Let's set the three flags
for those too, just in case.

This is just paranoia, nothing else, but shouldn't hurt.
2019-03-25 19:39:00 +01:00
..
user man,units: document what user "default.target" is a bit 2019-03-15 13:55:24 +01:00
user-.slice.d units: set StopWhenUnneeded= for the user slice units too 2018-10-13 12:59:29 +02:00
basic.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
bluetooth.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
boot-complete.target units: add generic boot-complete.target 2018-10-19 22:34:50 +02:00
console-getty.service.m4 unit,meson: drop .in suffix if no substitution is required (#8740) 2018-04-17 19:49:10 +02:00
container-getty@.service.m4 unit,meson: drop .in suffix if no substitution is required (#8740) 2018-04-17 19:49:10 +02:00
cryptsetup-pre.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
cryptsetup.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
debug-shell.service.in units: link up debug-generator documentation from debug-shell.service 2017-12-26 12:13:51 +01:00
dev-hugepages.mount Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
dev-mqueue.mount units: set nodev,nosuid,noexec flags for various secondary API VFS 2019-03-25 19:39:00 +01:00
emergency.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
emergency.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
exit.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
final.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
getty-pre.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
getty.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
getty@.service.m4 Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
graphical.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
halt-local.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
halt.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
hibernate.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
hybrid-sleep.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
initrd-cleanup.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
initrd-fs.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
initrd-parse-etc.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
initrd-root-device.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
initrd-root-fs.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
initrd-switch-root.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
initrd-switch-root.target units: make sure initrd-cleanup.service terminates before switching to rootfs 2019-01-28 13:41:28 +01:00
initrd-udevadm-cleanup-db.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
initrd.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
kexec.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
kmod-static-nodes.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
ldconfig.service Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
local-fs-pre.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
local-fs.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
machine.slice Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
machines.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
meson-add-wants.sh meson: fix dirname/basename confusion in meson-and-wants.sh install helper (#10126) 2018-09-20 16:01:58 +09:00
meson.build Pull in systemd-remount-fs.service only when required 2019-01-03 15:30:28 +01:00
multi-user.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
network-online.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
network-pre.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
network.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
nss-lookup.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
nss-user-lookup.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
paths.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
poweroff.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
printer.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
proc-sys-fs-binfmt_misc.automount Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
proc-sys-fs-binfmt_misc.mount units: set nodev,nosuid,noexec flags for various secondary API VFS 2019-03-25 19:39:00 +01:00
quotaon.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
rc-local.service.in man: add a systemd-rc-local-generator(8) man page 2017-12-26 12:13:51 +01:00
reboot.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
remote-cryptsetup.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
remote-fs-pre.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
remote-fs.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
rescue.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
rescue.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
rpcbind.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
serial-getty@.service.m4 Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
shutdown.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
sigpwr.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
sleep.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
slices.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
smartcard.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
sockets.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
sound.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
suspend-then-hibernate.target Fix description on suspend-then-hibernate units. 2018-03-28 15:26:18 -05:00
suspend.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
swap.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
sys-fs-fuse-connections.mount units: set nodev,nosuid,noexec flags for various secondary API VFS 2019-03-25 19:39:00 +01:00
sys-kernel-config.mount units: set nodev,nosuid,noexec flags for various secondary API VFS 2019-03-25 19:39:00 +01:00
sys-kernel-debug.mount units: set nodev,nosuid,noexec flags for various secondary API VFS 2019-03-25 19:39:00 +01:00
sysinit.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
syslog.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
system-update-cleanup.service units: fix systemd.special man page reference in system-update-cleanup.service 2019-03-07 14:42:43 +01:00
system-update-pre.target units: make system-update-pre.target a passive unit (#9349) 2018-06-20 12:46:18 +02:00
system-update.target units: fix typo in After= 2018-06-20 18:14:43 +02:00
systemd-ask-password-console.path emergency: make sure console password agents don't interfere with the emergency shell 2018-09-26 18:13:32 +02:00
systemd-ask-password-console.service.in emergency: make sure console password agents don't interfere with the emergency shell 2018-09-26 18:13:32 +02:00
systemd-ask-password-wall.path emergency: make sure console password agents don't interfere with the emergency shell 2018-09-26 18:13:32 +02:00
systemd-ask-password-wall.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-backlight@.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-binfmt.service.in fix url for binfmt documentation (#8720) 2018-04-14 15:15:19 +02:00
systemd-bless-boot.service.in add new systemd-bless-boot.service that marks boots as successful 2018-10-19 22:34:50 +02:00
systemd-boot-check-no-failures.service.in units: add simple boot check unit 2018-10-19 22:34:50 +02:00
systemd-coredump.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-coredump@.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-exit.service units: fix Description= of systemd-exit.service 2018-11-16 12:25:35 +01:00
systemd-firstboot.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-fsck-root.service.in units: make fsck/grows/makefs/makeswap units conflict against shutdown.target 2018-11-26 22:18:16 +01:00
systemd-fsck@.service.in units: make fsck/grows/makefs/makeswap units conflict against shutdown.target 2018-11-26 22:18:16 +01:00
systemd-halt.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-hibernate-resume@.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-hibernate.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-hostnamed.service.in units: re-drop ProtectHostname from systemd-hostnamed.service (#11792) 2019-02-22 08:04:37 +01:00
systemd-hwdb-update.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-hybrid-sleep.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-importd.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-initctl.service.in units: set NoNewPrivileges= for all long-running services 2018-11-12 19:02:55 +01:00
systemd-initctl.socket units: initctl: move the fifo to /run/initctl to match sysvinit 2018-03-30 16:52:14 -04:00
systemd-journal-catalog-update.service.in units: update catalog after systemd-tmpfiles runs 2019-03-14 11:28:19 +01:00
systemd-journal-flush.service.in units: drop systemd-user-sessions.service ordering dep on systemd-journal-flush.service (#10502) 2018-10-25 04:41:02 +09:00
systemd-journal-gatewayd.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-journal-gatewayd.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-journal-remote.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-journal-remote.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-journal-upload.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-journald-audit.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-journald-dev-log.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-journald.service.in units: turn of ProtectHostname= again for services hat need to know about system hostname changes 2019-03-08 15:49:10 +01:00
systemd-journald.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-kexec.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-localed.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-logind.service.in Revert "Revert "units: lock down logind with fs namespacing options"" 2019-03-19 10:58:49 +01:00
systemd-machine-id-commit.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-machined.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-modules-load.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-networkd-wait-online.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-networkd.service.in units: turn of ProtectHostname= again for services hat need to know about system hostname changes 2019-03-08 15:49:10 +01:00
systemd-networkd.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-nspawn@.service.in nspawn: turn on watchdog logic for nspawn too 2017-12-07 12:34:46 +01:00
systemd-portabled.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-poweroff.service units: use SuccessAction=poweroff-force in systemd-poweroff.service 2018-10-17 19:31:50 +02:00
systemd-quotacheck.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-random-seed.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-reboot.service units: use SuccessAction=reboot-force in systemd-reboot.service 2018-10-17 19:31:50 +02:00
systemd-remount-fs.service.in Pull in systemd-remount-fs.service only when required 2019-01-03 15:30:28 +01:00
systemd-resolved.service.in units: turn of ProtectHostname= again for services hat need to know about system hostname changes 2019-03-08 15:49:10 +01:00
systemd-rfkill.service.in units: set NoNewPrivileges= for all long-running services 2018-11-12 19:02:55 +01:00
systemd-rfkill.socket units: order systemd-rfkill.socket after /var/lib/systemd/rfkill (#10904) 2018-11-24 23:59:37 +09:00
systemd-suspend-then-hibernate.service.in Fix description on suspend-then-hibernate units. 2018-03-28 15:26:18 -05:00
systemd-suspend.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-sysctl.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-sysusers.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-time-wait-sync.service.in units: document why systemd-time-wait-sync.service conditions on CAP_SYS_TIME (#8555) 2018-03-22 23:41:54 +03:00
systemd-timedated.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-timesyncd.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-tmpfiles-clean.service.in units: use SuccessExitStatus to ignore syntax errors in tmpfiles 2017-12-01 18:58:54 +01:00
systemd-tmpfiles-clean.timer Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-tmpfiles-setup-dev.service.in units: drop conditionalization of systemd-tmpfiles-setup-dev.service 2019-01-26 13:55:18 +01:00
systemd-tmpfiles-setup.service.in tmpfiles: Order tmpfiles-setup after journald 2018-09-20 13:20:41 +02:00
systemd-udev-settle.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-udev-trigger.service.in units: let's use two ExecStart= lines instead of ; 2018-06-20 23:59:29 +02:00
systemd-udevd-control.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-udevd-kernel.socket Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-udevd.service.in units: enable ProtectHostname=yes 2019-02-20 10:50:44 +02:00
systemd-update-done.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-update-utmp-runlevel.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-update-utmp.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-user-sessions.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-vconsole-setup.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
systemd-volatile-root.service.in Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
time-sync.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
timers.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
tmp.mount man,units: link up new documentation about temporary directories 2019-02-20 18:31:18 +01:00
umount.target Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
usb-gadget.target units: add usb-gadget target 2019-02-15 18:16:27 +01:00
user-runtime-dir@.service.in units: use =yes rather than =true everywhere 2018-10-13 12:59:29 +02:00
user.slice Add SPDX license headers to unit files 2017-11-19 19:08:15 +01:00
user@.service.in units: turn off keyring handling for user@.service 2019-03-19 10:58:20 +01:00
var-lib-machines.mount import: drop logic of setting up /var/lib/machines as btrfs loopback mount 2018-11-26 18:09:01 +01:00