projects / platform / upstream / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3a9530e) | patch
nspawn: add a new --no-new-privileges= cmdline option to nspawn
authorLennart Poettering <lennart@poettering.net>
Mon, 7 May 2018 17:35:48 +0000 (19:35 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 17 May 2018 18:47:20 +0000 (20:47 +0200)
commit66edd96310515e8236f5b3da62f0a1f5143bcd83
tree5759200f6d7e425462422da9c24adee3129c94f3tree | snapshot
parent3a9530e5f19565a9cadb7f20bd987c61e0e7c377commit | diff
nspawn: add a new --no-new-privileges= cmdline option to nspawn

This simply controls the PR_SET_NO_NEW_PRIVS flag for the container.
This too is primarily relevant to provide OCI runtime compaitiblity, but
might have other uses too, in particular as it nicely complements the
existing --capability= and --drop-capability= flags.
man/systemd-nspawn.xml diff | blob | history
man/systemd.nspawn.xml diff | blob | history
src/nspawn/nspawn-gperf.gperf diff | blob | history
src/nspawn/nspawn-settings.c diff | blob | history
src/nspawn/nspawn-settings.h diff | blob | history
src/nspawn/nspawn.c diff | blob | history
Domain: System / System Framework;