mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
systemd-stable/test/fuzz/fuzz-unit-file
Topi Miettinen 46c3b1ff88 core: firewall integration with DynamicUserNFTSet=
New directive `DynamicUserNFTSet=` provides a method for integrating
configuration of dynamic users into firewall rules with NFT sets.

Example:
```
table inet filter {
        set u {
                typeof meta skuid
        }

        chain service_output {
                meta skuid != @u drop
                accept
        }
}
```

```
/etc/systemd/system/dunft.service
[Service]
DynamicUser=yes
DynamicUserNFTSet=inet:filter:u
ExecStart=/bin/sleep 1000

[Install]
WantedBy=multi-user.target
```

```
$ sudo nft list set inet filter u
table inet filter {
        set u {
                typeof meta skuid
                elements = { 64864 }
        }
}
$ ps -n --format user,group,pid,command -p `pgrep sleep`
    USER    GROUP     PID COMMAND
   64864    64864   55158 /bin/sleep 1000
```
2022-06-08 16:12:25 +00:00
dev-mapper-fedora_krowka\x2dswap.swap
directives-all.service watchdog: add setting to configure pretimeout governor 2022-02-22 17:19:54 +00:00
directives.automount core/automount: Add ExtraOptions field 2021-11-23 09:44:35 +01:00
directives.mount core: firewall integration with DynamicUserNFTSet= 2022-06-08 16:12:25 +00:00
directives.path path unit: add TriggerLimitBurst= and TriggerLimitIntervalSec= 2021-12-18 23:17:53 +00:00
directives.scope core: firewall integration with ControlGroupNFTSet= 2022-06-08 16:12:25 +00:00
directives.service core: firewall integration with DynamicUserNFTSet= 2022-06-08 16:12:25 +00:00
directives.slice core: firewall integration with ControlGroupNFTSet= 2022-06-08 16:12:25 +00:00
directives.socket core: firewall integration with DynamicUserNFTSet= 2022-06-08 16:12:25 +00:00
directives.swap core: firewall integration with DynamicUserNFTSet= 2022-06-08 16:12:25 +00:00
directives.timer test: check if the unit file fuzzer corpora is up to date 2021-04-05 14:41:05 +01:00
empty.scope
github-19178 fuzzer: add a test case for #19178 2021-04-03 10:38:06 +01:00
machine.slice license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
oss-fuzz-6884
oss-fuzz-6885
oss-fuzz-6886
oss-fuzz-6892
oss-fuzz-6897
oss-fuzz-6897-evverx
oss-fuzz-6908
oss-fuzz-6917
oss-fuzz-6977
oss-fuzz-6977-unminimized
oss-fuzz-7004
oss-fuzz-8064
oss-fuzz-8827
oss-fuzz-10007
oss-fuzz-11569 fuzz-unit-file: add one more test case 2018-12-10 11:57:26 +01:00
oss-fuzz-13125 shared/calendarspec: do not allocate a big string on stack 2019-02-16 23:31:07 +01:00
oss-fuzz-32991 core: fix memleak of ipc_namespace_path 2021-04-07 22:12:50 +01:00
oss-fuzz-33270 core: fix crash in BPFProgram parsing 2021-05-05 17:15:04 +02:00
oss-fuzz-33876 core: fix crash in parsing of SocketBind{Allow,Deny}= 2021-05-05 17:14:58 +02:00
proc-sys-fs-binfmt_misc.automount license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
syslog.socket license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
systemd-ask-password-console.path license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
systemd-machined.service tree-wide: replace obsolete wiki links with systemd.io/manpages 2022-05-21 14:29:14 +02:00
systemd-resolved.service tree-wide: replace obsolete wiki links with systemd.io/manpages 2022-05-21 14:29:14 +02:00
systemd-tmpfiles-clean.timer Merge pull request #17497 from anitazha/randomizeonce 2020-11-10 13:29:04 +01:00
timers.target license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
var-lib-machines.mount license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00