5d1e8cd3e0
Let's make sure that users cannot DoS services for other users so easily, and enable MaxConnectionsPerSource= by default for all of them. Note that this is mostly paranoia for systemd-pcrextend.socket and systemd-sysext.socket: the socket is only accessible to root anyway, hence the accounting shouldn't change anything. But this is just a safety net, in preparation for opening up some functionality of these services sooner or later.
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# Unit metadata, ordering and start condition for the Varlink socket of
# systemd-pcrextend (see the Documentation= entry below).
[Unit]
Description=TPM2 PCR Extension (Varlink)
Documentation=man:systemd-pcrextend(8)
# Opt out of the implicit default dependencies; the ordering this unit needs
# is spelled out explicitly on the next two lines.
DefaultDependencies=no
# Do not start listening before tpm2.target has been reached.
After=tpm2.target
Before=sockets.target
# Start condition: the unit is skipped unless the system reports the
# "measured-uki" security condition (see systemd.unit(5), ConditionSecurity=).
ConditionSecurity=measured-uki
# Listening socket for the PCR extension Varlink interface.
[Socket]
# AF_UNIX stream socket at a fixed path below /run/systemd.
ListenStream=/run/systemd/io.systemd.PCRExtend
# Name under which the socket file descriptor is passed to the service.
FileDescriptorName=varlink
# Access control: owner-only mode. No SocketUser=/SocketGroup= is set in this
# unit, so connecting is limited to the socket's owner (root, per the commit
# message). Any later relaxation of this mode is a change to who may request
# PCR extensions and should be reviewed together with the service's own
# authorization checks.
SocketMode=0600
# One service instance is spawned per accepted connection, so every open
# connection costs a process; the limit below bounds that cost per client.
Accept=yes
# Resource-exhaustion guard: at most 16 concurrent connections per source.
# NOTE(review): for AF_UNIX sockets systemd.socket(5) describes the source as
# the peer's UID - confirm for the systemd version deployed. With mode 0600
# this currently only constrains root and acts as a safety net. The overall
# cap, MaxConnections=, is not set here, so its built-in default applies.
MaxConnectionsPerSource=16
# Enablement: when this unit is enabled, sockets.target pulls it in.
[Install]
WantedBy=sockets.target