{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":4498414,"defaultBranch":"master","name":"init","ownerLogin":"arachsys","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2012-05-30T18:31:04.000Z","ownerAvatar":"https://github.com/avatars/u/299056?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1722201872.0","currentOid":""},"activityList":{"items":[{"before":"e233b375efb9c5f7e0f0576a854153e54b064d90","after":"d10ead36de85b82abc7c06e32494f9bbd8b9e95c","ref":"refs/heads/master","pushedAt":"2024-07-28T21:21:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Update example /etc/init\n\nIf filesystem checks fail, continue with a read-only root filesystem.\nThis is more useful in practice as it allows broken systems to be repaired\nover ssh before rebooting. Commands and daemons that shouldn't be run in\nthis mode can be guarded with 'test -w /' or similar.","shortMessageHtmlLink":"Update example /etc/init"}},{"before":"f97f9b9dce60a58856017df9d2da196fd8f0dc98","after":null,"ref":"refs/tags/init-2.13","pushedAt":"2024-07-28T21:21:17.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"}},{"before":"831b3bc3d99018f823f0cf386b5d20d3dc011b5c","after":"e233b375efb9c5f7e0f0576a854153e54b064d90","ref":"refs/heads/master","pushedAt":"2024-07-28T12:10:34.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Keep syslogd in the foreground until /dev/log exists\n\nThis eliminates any risk of a race between syslogd creating /dev/log\nand subsequently-started daemons calling syslog() to write to it, which\nmight lead to the loss of early log messages. Exit with an error if the\nbackground daemon doesn't create /dev/log within two seconds, to avoid\nstalling boot indefinitely.","shortMessageHtmlLink":"Keep syslogd in the foreground until /dev/log exists"}},{"before":"47e268de36ea8ecbb8dd8028c6872d9b14431a10","after":"831b3bc3d99018f823f0cf386b5d20d3dc011b5c","ref":"refs/heads/master","pushedAt":"2024-07-28T12:02:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Keep syslogd in the foreground until /dev/log exists\n\nThis eliminates any risk of a race between syslogd creating /dev/log\nand subsequently-started daemons calling syslog() to write to it, which\nmight lead to the loss of early log messages. Exit with an error if the\nbackground daemon doesn't create /dev/log within two seconds, to avoid\nstalling boot indefinitely.","shortMessageHtmlLink":"Keep syslogd in the foreground until /dev/log exists"}},{"before":"17f78b0ae81502a26a2b61c86228b764d190182f","after":"47e268de36ea8ecbb8dd8028c6872d9b14431a10","ref":"refs/heads/master","pushedAt":"2024-07-25T15:21:47.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Add ueventwait to wait for a single device\n\nA common boot-time pattern is to wait for a single device which is\nasynchronously discovered. It is wasteful to run a persistent ueventd\njust to cover this case.\n\nProvide a ueventwait script which waits for a single device, matching\npattern arguments of the form KEY=PATTERN against uevent properties of\nexisting devices then newly-added devices until a match is found.","shortMessageHtmlLink":"Add ueventwait to wait for a single device"}},{"before":"a3214845dd377a703f7b251c470400c2ef187198","after":null,"ref":"refs/tags/init-2.12","pushedAt":"2024-07-25T15:20:28.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"}},{"before":"6e57b999e844c9159123e4c25c92d5af9f69257d","after":"17f78b0ae81502a26a2b61c86228b764d190182f","ref":"refs/heads/master","pushedAt":"2024-07-25T12:22:04.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Add ueventwait to wait for a single device\n\nA common boot-time pattern is to wait for a single device which is\nasynchronously discovered. It is wasteful to run a persistent ueventd\njust to cover this case.\n\nProvide a ueventwait script which waits for a single device, matching\npattern arguments of the form KEY=PATTERN against uevent properties of\nexisting devices then newly-added devices until a match is found.","shortMessageHtmlLink":"Add ueventwait to wait for a single device"}},{"before":"fd0cfe31827fd88899f5e7530beeeaffd9d2388c","after":"6e57b999e844c9159123e4c25c92d5af9f69257d","ref":"refs/heads/master","pushedAt":"2024-07-25T12:19:29.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Add ueventwait to wait for a single device\n\nA common boot-time pattern is to wait for a single device which is\nasynchronously discovered. It is wasteful to run a persistent ueventd\njust to cover this case.\n\nProvide a ueventwait script which waits for a single device, matching\npattern arguments of the form KEY=PATTERN against uevent properties of\nexisting devices then newly-added devices until a match is found.","shortMessageHtmlLink":"Add ueventwait to wait for a single device"}},{"before":"aa8b4efaccc9a50f2debc28def1bb1dc96f1590a","after":"fd0cfe31827fd88899f5e7530beeeaffd9d2388c","ref":"refs/heads/master","pushedAt":"2024-07-25T12:15:26.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Add ueventwait to wait for a single device\n\nA common boot-time pattern is to wait for a single device which is\nasynchronously discovered. It is wasteful to run a persistent ueventd\njust to cover this case.\n\nProvide a ueventwait script which waits for a single device, matching\npattern arguments of the form KEY=PATTERN against uevent properties of\nexisting devices then newly-added devices until a match is found.","shortMessageHtmlLink":"Add ueventwait to wait for a single device"}},{"before":"7d0f6ee19c35668d99256a0618949d5bcd4b67bf","after":"aa8b4efaccc9a50f2debc28def1bb1dc96f1590a","ref":"refs/heads/master","pushedAt":"2024-07-25T11:56:16.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Add ueventwait to wait for a single device\n\nA common boot-time pattern is to wait for a single device which is\nasynchronously discovered. It is wasteful to run a persistent ueventd\njust to cover this case.\n\nProvide a ueventwait script which waits for a single device, matching\npattern arguments of the form KEY=PATTERN against uevent properties of\nexisting devices then newly-added devices until a match is found.","shortMessageHtmlLink":"Add ueventwait to wait for a single device"}},{"before":"e9765d2999ccd917bebc8d221435512d546e574f","after":"7d0f6ee19c35668d99256a0618949d5bcd4b67bf","ref":"refs/heads/master","pushedAt":"2024-07-07T22:25:48.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Ensure daemon polls every second when awaiting paths\n\nInotify isn't available everywhere that daemon -w might be useful,\nincluding in sysfs. Instead of blocking on read, poll the inotify\ndescriptor once a second so we can stat the path periodically.","shortMessageHtmlLink":"Ensure daemon polls every second when awaiting paths"}},{"before":"9eb2470f1d80c2ed067ebf209f2f8dae572c32b9","after":"e9765d2999ccd917bebc8d221435512d546e574f","ref":"refs/heads/master","pushedAt":"2024-07-07T21:31:21.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Ensure daemon polls every second when awaiting paths\n\nInotify isn't available everywhere that daemon -w might be useful,\nincluding in sysfs. Instead of blocking on read, poll the inotify\ndescriptor once a second so we can stat the path periodically.","shortMessageHtmlLink":"Ensure daemon polls every second when awaiting paths"}},{"before":"5a853a9a30b907d5873b9fdafdf0c8ab30cd1c26","after":"9eb2470f1d80c2ed067ebf209f2f8dae572c32b9","ref":"refs/heads/master","pushedAt":"2024-03-15T22:09:28.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Explain why we can safely strncpy() into struct sockaddr_un\n\nOn Linux, sun_path in struct sockaddr is NUL-padded not NUL-terminated:\nthe pathname is implicitly terminated by the end of the fixed-size array.\nIf we insist on a terminating NUL, we can't bind valid full-length\nsocket paths. The strncpy() in listen_unix() is thus correct even though\nit appears suspicious. Explicitly mention this in a comment.","shortMessageHtmlLink":"Explain why we can safely strncpy() into struct sockaddr_un"}},{"before":"9eb2470f1d80c2ed067ebf209f2f8dae572c32b9","after":"5a853a9a30b907d5873b9fdafdf0c8ab30cd1c26","ref":"refs/heads/master","pushedAt":"2024-01-05T12:30:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Only call defined actions in example /etc/init\n\nTo better guard against junk accidentally passed on the kernel command\nline, only treat the first argument to /etc/init as a command to run\nif it matches one of the locally-defined action functions. Otherwise,\njust call the default 'start' action.\n\nIn this simple example, only 'start' and 'stop' are provided, but 'single'\nand 'rescue' actions might also be useful on server systems.","shortMessageHtmlLink":"Only call defined actions in example /etc/init"}},{"before":"71136cf46c65f21b3dd37ddbc040572e35ba1333","after":"9eb2470f1d80c2ed067ebf209f2f8dae572c32b9","ref":"refs/heads/master","pushedAt":"2024-01-03T18:42:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Explain why we can safely strncpy() into struct sockaddr_un\n\nOn Linux, sun_path in struct sockaddr is NUL-padded not NUL-terminated:\nthe pathname is implicitly terminated by the end of the fixed-size array.\nIf we insist on a terminating NUL, we can't bind valid full-length\nsocket paths. The strncpy() in listen_unix() is thus correct even though\nit appears suspicious. Explicitly mention this in a comment.","shortMessageHtmlLink":"Explain why we can safely strncpy() into struct sockaddr_un"}},{"before":"cdf28181b2d6a16cf5ed7db5c1f7a6731458557e","after":"71136cf46c65f21b3dd37ddbc040572e35ba1333","ref":"refs/heads/master","pushedAt":"2023-11-19T15:03:22.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Add runfg: an anti-backgrounding wrapper for use with daemon\n\nThis is similar in style to Dan Bernstein's fghack, but rather than\nleaving unexpected file descriptors open, it uses the Linux-specific\nPR_SET_CHILD_SUBREAPER prctl to reliably capture orphaned descendants.","shortMessageHtmlLink":"Add runfg: an anti-backgrounding wrapper for use with daemon"}},{"before":"03eb7580a7f70be7ca0f31d7b42a990ca28140ed","after":"cdf28181b2d6a16cf5ed7db5c1f7a6731458557e","ref":"refs/heads/master","pushedAt":"2023-11-19T14:40:44.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Add subfg: an anti-backgrounding wrapper for use with daemon\n\nThis is similar in style to Dan Bernstein's fghack, but rather than\nleaving unexpected file descriptors open, it uses the Linux-specific\nPR_SET_CHILD_SUBREAPER prctl to reliably capture orphaned descendants.","shortMessageHtmlLink":"Add subfg: an anti-backgrounding wrapper for use with daemon"}},{"before":"6b71bbd550d393690be5b5b044857287f9fdcb7b","after":"03eb7580a7f70be7ca0f31d7b42a990ca28140ed","ref":"refs/heads/master","pushedAt":"2023-11-19T14:37:18.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Add subfg: an anti-backgrounding wrapper for use with daemon\n\nThis is similar in style to Dan Bernstein's fghack, but rather than\nleaving unexpected file descriptors open, it uses the Linux-specific\nPR_SET_CHILD_SUBREAPER prctl to reliably capture orphaned descendants.","shortMessageHtmlLink":"Add subfg: an anti-backgrounding wrapper for use with daemon"}},{"before":"be38a2144a072cee13815a68fff00d9d1cc588c0","after":"6b71bbd550d393690be5b5b044857287f9fdcb7b","ref":"refs/heads/master","pushedAt":"2023-11-19T14:32:49.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Add subfg: an anti-backgrounding wrapper for use with daemon\n\nThis is similar in style to Dan Bernstein's fghack, but rather than\nleaving unexpected file descriptors open, it uses the Linux-specific\nPR_SET_CHILD_SUBREAPER prctl to reliably capture orphaned descendants.","shortMessageHtmlLink":"Add subfg: an anti-backgrounding wrapper for use with daemon"}},{"before":"a4a71663ef925a4b90c95f73290afa8a16b4ab05","after":"be38a2144a072cee13815a68fff00d9d1cc588c0","ref":"refs/heads/master","pushedAt":"2023-08-06T21:32:41.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Fix pid file removal when syslogd and ueventd exit\n\nTo clean up their syslog/uevent subprocesses, syslogd and ueventd signal\ntheir process group on termination. Properly ignore this self-signal in the\nexit handler so it isn't prematurely killed before removing the pid file.","shortMessageHtmlLink":"Fix pid file removal when syslogd and ueventd exit"}},{"before":"6eeabab5d603021b368244f05a4fabfbac9ae560","after":"a4a71663ef925a4b90c95f73290afa8a16b4ab05","ref":"refs/heads/master","pushedAt":"2023-07-04T18:01:33.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Add optional double fork in daemon\n\nBy default, daemon intentionally runs the command as a session and\nprocess group leader. On Linux, a session leader without a controlling\nterminal can acquire one just by opening a terminal device, unlike BSD.\nSometimes this behaviour can be inconvenient, so add a -f flag to fork\ntwice so we no longer lead the session.\n\nThis repurposes a flag previously ignored for command-line compatibility\nwith the original BSD daemon(8), but in practice the options we support\nalready collide with more modern BSD versions.","shortMessageHtmlLink":"Add optional double fork in daemon"}},{"before":"fd3e1cae716003d4ed757d48030eb0f47873a69a","after":"6eeabab5d603021b368244f05a4fabfbac9ae560","ref":"refs/heads/master","pushedAt":"2023-06-25T16:07:49.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Use nodev, noexec and nosuid in example /etc/fstab\n\nWhere appropriate, add the nodev, noexec and nosuid mount options to\nfilesystems in the example /etc/fstab.\n\nDevice nodes aren't required outside /dev. Nothing needs to be executable\nexcept in / and /tmp, and we can forbid setuid and setgid binaries in /tmp.\nA redundant nosuid option is not required where noexec is already in force.\n\nAdd the memory_recursiveprot and nsdelegate options to /sys/fs/cgroup as\nthese are now the standard configuration.\n\nDrop the explicit relatime from / because this is now enabled by default.\nUse PARTLABEL=root with auto type rather than a fixed ext4 /dev/vda rootfs,\nand add a similar /boot mount with PARTLABEL=boot.","shortMessageHtmlLink":"Use nodev, noexec and nosuid in example /etc/fstab"}},{"before":"ebf09a7bad5903e5361772f54b0e6227ed49e8a4","after":"fd3e1cae716003d4ed757d48030eb0f47873a69a","ref":"refs/heads/master","pushedAt":"2023-06-25T13:30:01.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Use nodev, noexec and nosuid in example /etc/fstab\n\nWhere appropriate, add the nodev, noexec and nosuid mount options to\nfilesystems in the example /etc/fstab.\n\nDevice nodes aren't required outside /dev. Nothing needs to be executable\nexcept in / and /tmp, and we can forbid setuid and setgid binaries in /tmp.\nA redundant nosuid option is not required where noexec is already in force.\n\nAdd the memory_recursiveprot and nsdelegate options to /sys/fs/cgroup as\nthese are now the standard configuration.\n\nDrop the explicit relatime from / because this is now enabled by default.\nUse LABEL=root with auto type rather than a fixed ext4 /dev/vda example,\nand add a similar /boot mount with LABEL=boot.","shortMessageHtmlLink":"Use nodev, noexec and nosuid in example /etc/fstab"}},{"before":"bbec0af2a9b0c4461c24ee53ac863f7b7b7ffb0c","after":"ebf09a7bad5903e5361772f54b0e6227ed49e8a4","ref":"refs/heads/master","pushedAt":"2023-06-25T13:11:21.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Use nodev, noexec and nosuid in example /etc/fstab\n\nWhere appropriate, add the nodev, noexec and nosuid mount options to\nfilesystems in the example /etc/fstab.\n\nDevice nodes aren't required outside /dev. Nothing needs to be executable\nexcept in / and /tmp, and we can forbid setuid and setgid binaries in /tmp.\nA redundant nosuid option is not required where noexec is already in force.\n\nAdd the memory_recursiveprot and nsdelegate options to /sys/fs/cgroup as\nthese are now the standard configuration.\n\nDrop the explicit relatime from / because this is now enabled by default,\nand use LABEL=root rather than a hard-coded /dev/vda example.","shortMessageHtmlLink":"Use nodev, noexec and nosuid in example /etc/fstab"}},{"before":"f993b434b44b06fc3b99801e5786086cd63ead24","after":"bbec0af2a9b0c4461c24ee53ac863f7b7b7ffb0c","ref":"refs/heads/master","pushedAt":"2023-06-25T13:03:47.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Use nodev, noexec and nosuid in example /etc/fstab\n\nWhere appropriate, add the nodev, noexec and nosuid mount options to\nfilesystems in the example /etc/fstab.\n\nDevice nodes aren't required outside /dev. Nothing needs to be executable\nexcept in / and /tmp, and we can forbid setuid and setgid binaries in /tmp.\nA redundant nosuid option is not required where noexec is already in force.\n\nAdd the memory_recursiveprot and nsdelegate options to /sys/fs/cgroup as\nthese are now the standard configuration.\n\nDrop the explicit relatime from / because this is now enabled by default.","shortMessageHtmlLink":"Use nodev, noexec and nosuid in example /etc/fstab"}},{"before":"d0cfe6aa30122b2ccd023df62e1275f79713cf2e","after":"f993b434b44b06fc3b99801e5786086cd63ead24","ref":"refs/heads/master","pushedAt":"2023-06-25T12:58:47.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Use nodev, noexec and nosuid in example /etc/fstab\n\nWhere appropriate, add the nodev, noexec and nosuid mount options to\nfilesystems in the example /etc/fstab.\n\nDevice nodes aren't required outside /dev. Nothing needs to be executable\nexcept in / and /tmp, and we can forbid setuid and setgid binaries in /tmp.\nA redundant nosuid option is not required where noexec is already in force.\n\nAdd the memory_recursiveprot and nsdelegate options to /sys/fs/cgroup as\nthese are now the standard configuration.","shortMessageHtmlLink":"Use nodev, noexec and nosuid in example /etc/fstab"}},{"before":"9f55f8c7fa5a2a91a94ac729aad2999251225ce6","after":"d0cfe6aa30122b2ccd023df62e1275f79713cf2e","ref":"refs/heads/master","pushedAt":"2023-06-25T12:48:35.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Use nodev, noexec and nosuid in example /etc/fstab\n\nWhere appropriate, add the nodev, noexec and nosuid mount options to\nfilesystems in the example /etc/fstab.\n\nDevice nodes aren't required outside /dev. Nothing needs to be executable\nexcept in / and /tmp, and we can forbid setuid and setgid binaries in /tmp.\n\nAdd the memory_recursiveprot and nsdelegate options to /sys/fs/cgroup as\nthese are now the standard configuration.","shortMessageHtmlLink":"Use nodev, noexec and nosuid in example /etc/fstab"}},{"before":"23e9fd6a2d07d16278c48636315fca3e03d33907","after":"9f55f8c7fa5a2a91a94ac729aad2999251225ce6","ref":"refs/heads/master","pushedAt":"2023-06-25T12:41:57.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Use nodev, noexec and nosuid in example /etc/fstab\n\nWhere appropriate, add the nodev, noexec and nosuid mount options to\nfilesystems in the example /etc/fstab.\n\nDevice nodes aren't required outside /dev. Nothing needs to be executable\nexcept in / and /tmp, and we can forbid setuid and setgid binaries in /tmp.","shortMessageHtmlLink":"Use nodev, noexec and nosuid in example /etc/fstab"}},{"before":"8e24a0dd8fbccb0c834ae5c7c19757b463ce6233","after":"23e9fd6a2d07d16278c48636315fca3e03d33907","ref":"refs/heads/master","pushedAt":"2023-06-25T11:28:49.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Work around a bash idiosyncrasy in the example /etc/init\n\nWhen bash is blocked on read, it still handles SIGCHLD and waits for\ndead children to avoid zombies. However, when a timeout is requested,\nbash won't wait on children until the read returns. This leads to a\nshort-lived zombie from process substitution in the watchdog daemon.\n\nExplicitly wait for <(:) to terminate before using read -t N to sleep.","shortMessageHtmlLink":"Work around a bash idiosyncrasy in the example /etc/init"}},{"before":"48ba1839c26a3ab1f436a9dacce4093e61f05afa","after":"8e24a0dd8fbccb0c834ae5c7c19757b463ce6233","ref":"refs/heads/master","pushedAt":"2023-06-14T17:06:39.644Z","pushType":"push","commitsCount":1,"pusher":{"login":"arachsys","name":"Chris Webb","path":"/arachsys","primaryAvatarUrl":"https://github.com/avatars/u/299056?s=80&v=4"},"commit":{"message":"Check for error returns from ftruncate() and fchdir()\n\nIn context, neither of these calls should be able to fail. However, recent\ngcc complains about the unchecked result, so handle any error just in case.","shortMessageHtmlLink":"Check for error returns from ftruncate() and fchdir()"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wNy0yOFQyMToyMTo0Ny4wMDAwMDBazwAAAASLUx3Q","endCursor":"Y3Vyc29yOnYyOpK7MjAyMy0wNi0xNFQxNzowNjozOS42NDQ2NjFazwAAAANBi3lX"}},"title":"Activity · arachsys/init"}