Topi Miettinen 46c3b1ff88 core: firewall integration with DynamicUserNFTSet= ... New directive `DynamicUserNFTSet=` provides a method for integrating configuration of dynamic users into firewall rules with NFT sets. Example: ``` table inet filter { set u { typeof meta skuid } chain service_output { meta skuid != @u drop accept } } ``` ``` /etc/systemd/system/dunft.service [Service] DynamicUser=yes DynamicUserNFTSet=inet:filter:u ExecStart=/bin/sleep 1000 [Install] WantedBy=multi-user.target ``` ``` $ sudo nft list set inet filter u table inet filter { set u { typeof meta skuid elements = { 64864 } } } $ ps -n --format user,group,pid,command -p `pgrep sleep` USER GROUP PID COMMAND 64864 64864 55158 /bin/sleep 1000 ```		2022-06-08 16:12:25 +00:00
..
fuzz-bootspec	shared/bootspec: add missing terminator to table	2022-05-08 17:58:00 +02:00
fuzz-bus-match	fuzz-bus-match: add example from bugzilla#1935084	2021-03-06 09:32:18 +01:00
fuzz-bus-message	sd-bus: fix buffer overflow	2022-05-28 10:06:14 +02:00
fuzz-calendarspec	shared/calendarspec: fix formatting of entries which collapse to a star	2022-05-10 14:35:57 +02:00
fuzz-catalog	fuzz: rename the longest test samples	2022-03-21 11:42:35 +01:00
fuzz-dhcp6-client	fuzz: rename test cases for brevity and meaning	2022-05-04 11:51:15 +02:00
fuzz-dhcp-client	fuzz: rename test cases for brevity and meaning	2022-05-04 11:51:15 +02:00
fuzz-dhcp-server	fuzz: rename the longest test samples	2022-03-21 11:42:35 +01:00
fuzz-dhcp-server-relay	fuzz: rename fuzz-dhcp-server-relay-message to fuzz-dhcp-server-relay	2022-03-21 11:43:47 +01:00
fuzz-dns-packet	resolve: slightly optimize dns_answer_add()	2020-12-30 04:14:22 +09:00
fuzz-env-file	fuzz: add env-file fuzzer	2019-03-11 14:11:28 +01:00
fuzz-etc-hosts	resolved: use strv_extend_with_size() to avoid slow parsing of /etc/hosts	2022-05-20 15:18:28 +02:00
fuzz-fido-id-desc	udev: Add id program and rule for FIDO security tokens	2019-09-07 02:23:58 +09:00
fuzz-journal-remote	fuzz: rename test cases for brevity and meaning	2022-05-04 11:51:15 +02:00
fuzz-journald-audit	journald: check whether sscanf has changed the value corresponding to %n	2018-11-17 11:25:19 +01:00
fuzz-journald-kmsg	fuzz: rename test cases for brevity and meaning	2022-05-04 11:51:15 +02:00
fuzz-journald-native-fd	tests: add a fuzzer for server_process_native_file	2018-11-23 17:29:59 +01:00
fuzz-journald-stream	tests: add a fuzzer for journald streams	2018-11-20 03:03:32 +01:00
fuzz-journald-syslog	fuzz: unify the "fuzz-regressions" directory with the main corpus	2018-10-02 09:41:25 +02:00
fuzz-json	shared/json: fix memleak in sort	2022-05-10 17:08:37 +02:00
fuzz-link-parser	network,udev/net: add Kind= settings in [Match] section	2022-02-17 23:10:26 +09:00
fuzz-lldp-rx	test: also rename {test,fuzz}-lldp.c	2021-09-27 23:55:11 +09:00
fuzz-ndisc-rs	fuzz: drop too large input	2022-05-16 00:25:18 +01:00
fuzz-netdev-parser	network/erspan: support erspan version 0 and 2	2022-06-01 04:02:48 +09:00
fuzz-network-parser	network: firewall integration with NFT sets	2022-06-08 16:12:25 +00:00
fuzz-nspawn-oci	nspawn-oci: fix double free	2019-03-22 17:39:12 +01:00
fuzz-nspawn-settings	fuzz: rename test cases for brevity and meaning	2022-05-04 11:51:15 +02:00
fuzz-systemctl-parse-argv	systemctl: unset const char* arguments in static destructors	2021-05-31 19:29:07 +02:00
fuzz-udev-database	fuzz: add a sample for fuzz-udev-database	2019-02-26 13:28:30 +09:00
fuzz-udev-rules	Revert "rules: ubi mtd - add link to named partitions"	2021-07-01 16:50:15 +02:00
fuzz-unit-file	core: firewall integration with DynamicUserNFTSet=	2022-06-08 16:12:25 +00:00
fuzz-varlink	shared/varlink: add missing setting of output_buffer_allocated	2019-05-17 15:09:32 +02:00
fuzz-xdg-desktop	xdg-autostart: avoid quadratic behaviour in strv parsing	2020-07-07 12:20:43 +02:00
.gitattributes	gitattributes: introduce and use "generated" attribute	2021-10-18 09:42:55 +02:00
meson.build	meson: pass skip-deps on to the fuzzers as well	2022-02-22 17:50:14 +00:00