projects / platform / upstream / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3ae3329) | patch
core:sandbox: remove CAP_SYS_RAWIO on PrivateDevices=yes
authorDjalal Harouni <tixxdz@opendz.org>
Fri, 7 Oct 2016 18:38:05 +0000 (20:38 +0200)
committerDjalal Harouni <tixxdz@opendz.org>
Wed, 12 Oct 2016 11:39:49 +0000 (13:39 +0200)
commit2cd0a735470894bd2d25147442285744764633a1
treeced267bfca1489c3f5334838321f8e8589c1079ftree | snapshot
parent3ae33295f00be5e2836f009bf1991b0caddf80b7commit | diff
core:sandbox: remove CAP_SYS_RAWIO on PrivateDevices=yes

The rawio system calls were filtered, but CAP_SYS_RAWIO allows to access raw
data through /proc, ioctl and some other exotic system calls...
man/systemd.exec.xml diff | blob | history
src/core/unit.c diff | blob | history
Domain: System / System Framework;