This release contians 35 changes from 6 contributors.
Some highlights of this release:
- Improve session state tracking in the libseat logind backend, which
could previously fail to notify the libseat client that the session
had been deactivated.
- Do not trigger a VT switch when starting a logind session, allowing
sessions to be started in the background.
- Improve error handling in some edgecases in the libseat seatd backend.
- Apply more aggressive security policies to the included systemd unit.
Adrien Demarez (1):
seatd: fix small bug in assert
Jack Mitchell (1):
seatd: fix double close of file handle
Kelvin C (10):
systemd: lockdown the filesystem
systemd: ensure no new privileges
systemd: disable network access
systemd: limit sys calls and arch
systemd: limit access to kernel
systemd: restrict namespace functionality
systemd: restrict capabilities
systemd: protect system clock
systemd: protect hostname
systemd: restrict access to devices
Kenny Levinsen (21):
seatd: Avoid unnecessary asserts
connection: Add overflow edge-case test
libseat/seatd: Error on unexpected response
libseat/seatd: Dispatch utility cleanup
seatd: Add responses for switch and disable
common: Allow inserting inited linked list elem
seatd: Init client link after removal
libseat/seatd: Fix wrong dispatch reference
logind: Skip session activation
seat: Merge close_client with remove_client
seat: Minor cleanup in device reuse, error logging
seat: Add a bit of documentation
libseat/logind: Check initial active state
libseat/logind: Better naming and signatures
libseat/logind: Move session_get_type up to its family
logind: Remove match signal on seat object
logind: Iterate through entire PropertiesChanged
logind: Remove drm device tracking
ci: Disable logind smoketest for now
seatd: Add support for hidraw devices
seatd: Minor evdev ifdef cleanup
Morose (1):
logind: Condition is always true
Simon Ser (1):
build: show whether man pages are enabled in summary
