[systemd-devel] By default, restrict vsock
Michal Koutný
mkoutny at suse.com
Tue Jan 14 16:29:20 UTC 2025
Hello.
On Fri, Jan 10, 2025 at 05:03:27PM +0000, "Fox, Kevin M" <Kevin.Fox at pnnl.gov> wrote:
> Is there a way to set `RestrictAddressFamilies=~AF_VSOCK` globally on
> all units unless they have RestrictAddressFamilies set that allows it?
With a generic service.d/num-restric.conf drop-in, see example with
10-all.conf in systemd.unit(5).
The selected services would need a higher drop-in that would allow it
again.
HTH,
Michal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20250114/63ca6397/attachment.sig>
More information about the systemd-devel
mailing list