[systemd-devel] By default, restrict vsock

Michal Koutný mkoutny at suse.com
Wed Jan 29 17:12:13 UTC 2025


On Fri, Jan 24, 2025 at 05:20:50PM +0000, "Fox, Kevin M" <Kevin.Fox at pnnl.gov> wrote:
> So, I think there still is a problem here.
> 
> Any ideas?

Hm, the latter is clearly generally unadvisable, so stick with the first
approach and allow the AF_VSOCK in a higher drop-in, in your case

/usr/lib/systemd/system/particular.service.d/20-vsock-enable.conf

(Admittedly, the service config would be broken down to multiple files
this way.)

HTH,
Michal