mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
systemd/catalog
Matteo Croce 6d9ef22acd emit a warning in networkd if managed sysctls are changed
Monitor the sysctls set by networkd for writes; if a sysctl is
overwritten with a different value than the one we set, emit a warning.
Writes are detected with an eBPF program attached as BPF_CGROUP_SYSCTL
which reports the sysctl writes only in net/.

The eBPF program only reports sysctl writes from a different cgroup than networkd.
To do this, it uses the `bpf_current_task_under_cgroup_proto()` helper,
which will be allowed in BPF_CGROUP_SYSCTL from kernel 6.12 [1].

Loading a BPF_CGROUP_SYSCTL program requires the CAP_SYS_ADMIN capability,
so drop it just after the program load, whether it loads successfully or not.

Writes are logged but permitted; in future the functionality can be
extended to also deny writes to managed sysctls.

[1] https://lore.kernel.org/bpf/20240819162805.78235-3-technoboy85@gmail.com/
2024-09-11 23:07:00 +02:00
meson.build meson: use 'sh' variable everywhere 2023-08-24 11:17:50 +02:00
systemd.be.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.be@latin.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.bg.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.catalog.in emit a warning in networkd if managed sysctls are changed 2024-09-11 23:07:00 +02:00
systemd.da.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.de.catalog.in Move message repeat 2022-06-01 00:20:30 +09:00
systemd.fr.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.hr.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.hu.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.it.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.ko.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.pl.catalog.in manager: add structured log message about clock bump 2024-06-15 16:54:37 +02:00
systemd.pt_BR.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.ru.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.sr.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.zh_CN.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00
systemd.zh_TW.catalog.in man: update links to catalog docs 2024-05-28 14:46:44 +02:00