import-creds: add support for binary credentials specified on the kernel cmdline

Lennart Poettering
2023-07-04 11:46:37 +02:00
parent 49850c1ee3
commit de70ecb328
7 changed files with 37 additions and 11 deletions

@@ -322,10 +322,11 @@ services where they are ultimately consumed.
be sure they can be accessed securely from initrd context.
4. Credentials can also be passed into a system via the kernel command line,
via the `systemd.set-credential=` kernel command line option. Note though
that any data specified here is visible to all userspace applications (even
unprivileged ones) via `/proc/cmdline`. Typically, this is hence not useful
to pass sensitive information, and should be avoided.
via the `systemd.set_credential=` and `systemd.set_credential_binary=`
kernel command line options (the latter takes Base64 encoded binary
data). Note though that any data specified here is visible to all userspace
applications (even unprivileged ones) via `/proc/cmdline`. Typically, this
is hence not useful to pass sensitive information, and should be avoided.
Credentials passed to the system may be enumerated/displayed via `systemd-creds
--system`. They may also be propagated down to services, via the
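Review bot: The documented option spelling in item 4 silently changes from `systemd.set-credential=` to `systemd.set_credential=`, while the commit subject only mentions adding binary credentials. If the underscore form is the correct spelling, say so in the commit message or split the documentation fix into its own commit, so that readers of the log can tell a corrected typo from a renamed option. It would also help to state next to "the latter takes Base64 encoded binary data" that Base64 is only an encoding: the value stays readable by every process via `/proc/cmdline`, so the "should be avoided" advice applies equally to `systemd.set_credential_binary=`.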