morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

units: enable MaxConnectionsPerSocket= for all our Accept=yes units

Browse Source 
Let's make sure that user's cannot DoS services for other users so
easily, and enable MaxConnectionsPerSocket= by default for all of them.

Note that this is mostly paranoia for systemd-pcrextend.socket and
systemd-sysext.socket: the socket is only accessible to root anyway,
hence the accounting shouldn#t change anything. But this is just a
safety net, in preparation that we open up some functionality of these
services sooner or later.
This commit is contained in:
Lennart Poettering
2024-02-07 13:19:54 +01:00
parent 48930a5ded
commit 5d1e8cd3e0
4 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
units/systemd-coredump.socket
View File

@@ -19,3 +19,4 @@ ListenSequentialPacket=/run/systemd/coredump
SocketMode=0600 SocketMode=0600
Accept=yes Accept=yes
MaxConnections=16 MaxConnections=16
MaxConnectionsPerSource=8

1
units/systemd-creds.socket
View File

@@ -18,3 +18,4 @@ ListenStream=/run/systemd/io.systemd.Credentials
FileDescriptorName=varlink FileDescriptorName=varlink
SocketMode=0666 SocketMode=0666
Accept=yes Accept=yes
MaxConnectionsPerSource=16

1
units/systemd-pcrextend.socket
View File

@@ -20,6 +20,7 @@ ListenStream=/run/systemd/io.systemd.PCRExtend
FileDescriptorName=varlink FileDescriptorName=varlink
SocketMode=0600 SocketMode=0600
Accept=yes Accept=yes
MaxConnectionsPerSource=16
[Install] [Install]
WantedBy=sockets.target WantedBy=sockets.target

1
units/systemd-sysext.socket
View File

@@ -20,6 +20,7 @@ ListenStream=/run/systemd/io.systemd.sysext
FileDescriptorName=varlink FileDescriptorName=varlink
SocketMode=0600 SocketMode=0600
Accept=yes Accept=yes
MaxConnectionsPerSource=16
[Install] [Install]
WantedBy=sockets.target WantedBy=sockets.target