systemd

shaba/systemd

Fork 0

mirror of https://github.com/systemd/systemd.git synced 2024-11-14 15:21:37 +03:00

Commit Graph

Author	SHA1	Message	Date
Lennart Poettering	4298d0b512	core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.	2014-02-26 02:19:28 +01:00

Author

SHA1

Message

Date

Lennart Poettering

4298d0b512

core: add new RestrictAddressFamilies= switch

This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.

This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.

2014-02-26 02:19:28 +01:00

1 Commits