mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
46c3b1ff88
New directive `DynamicUserNFTSet=` provides a method for integrating configuration of dynamic users into firewall rules with NFT sets.

Example:

```
table inet filter {
        set u {
                typeof meta skuid
        }

        chain service_output {
                meta skuid != @u drop
                accept
        }
}
```

```
/etc/systemd/system/dunft.service
[Service]
DynamicUser=yes
DynamicUserNFTSet=inet:filter:u
ExecStart=/bin/sleep 1000

[Install]
WantedBy=multi-user.target
```

```
$ sudo nft list set inet filter u
table inet filter {
        set u {
                typeof meta skuid
                elements = { 64864 }
        }
}
$ ps -n --format user,group,pid,command -p `pgrep sleep`
USER GROUP PID COMMAND
64864 64864 55158 /bin/sleep 1000
```

||
---|---|---|
.. | ||
dev-mapper-fedora_krowka\x2dswap.swap | ||
directives-all.service | ||
directives.automount | ||
directives.mount | ||
directives.path | ||
directives.scope | ||
directives.service | ||
directives.slice | ||
directives.socket | ||
directives.swap | ||
directives.timer | ||
empty.scope | ||
github-19178 | ||
machine.slice | ||
oss-fuzz-6884 | ||
oss-fuzz-6885 | ||
oss-fuzz-6886 | ||
oss-fuzz-6892 | ||
oss-fuzz-6897 | ||
oss-fuzz-6897-evverx | ||
oss-fuzz-6908 | ||
oss-fuzz-6917 | ||
oss-fuzz-6977 | ||
oss-fuzz-6977-unminimized | ||
oss-fuzz-7004 | ||
oss-fuzz-8064 | ||
oss-fuzz-8827 | ||
oss-fuzz-10007 | ||
oss-fuzz-11569 | ||
oss-fuzz-13125 | ||
oss-fuzz-32991 | ||
oss-fuzz-33270 | ||
oss-fuzz-33876 | ||
proc-sys-fs-binfmt_misc.automount | ||
syslog.socket | ||
systemd-ask-password-console.path | ||
systemd-machined.service | ||
systemd-resolved.service | ||
systemd-tmpfiles-clean.timer | ||
timers.target | ||
var-lib-machines.mount |