tailscale/cmd
Frederik “Freso” S. Olesen 83fccf9fe5 tailscaled.service: Lock down clock and /dev (#1071)
Research in issue #1063 uncovered why tailscaled would fail with
ProtectClock enabled (it implicitly enabled DevicePolicy=closed).

This knowledge in turn also opens the door for locking down /dev
further, e.g. explicitly setting DevicePolicy=strict (instead of
closed), and making /dev private for the unit.

Additional possible future (or downstream) lockdown that can be done
is setting `PrivateDevices=true` (with `BindPaths=/dev/net/`), however,
systemd 233 or later is required for this, and tailscaled currently needs
to work for systemd down to version 215.

Closes https://github.com/tailscale/tailscale/issues/1063

Signed-off-by: Frederik “Freso” S. Olesen <freso.dk@gmail.com>
2021-01-07 10:18:55 -08:00
cloner ipn: use cmd/cloner for Prefs.Clone 2020-10-19 12:15:49 -07:00
derper wgkey: new package 2020-12-30 17:33:02 -08:00
microproxy cmd/microproxy: add -insecure flag 2020-09-15 15:07:56 -07:00
mkpkg cmd/mkpkg: support adding empty directories. 2020-05-04 17:57:13 -04:00
tailscale wgkey: new package 2020-12-30 17:33:02 -08:00
tailscaled tailscaled.service: Lock down clock and /dev (#1071) 2021-01-07 10:18:55 -08:00
tsshd wgengine/monitor: don't call LinkChange when interfaces look unchanged 2020-03-10 11:03:19 -07:00