mirror of
https://github.com/systemd/systemd
synced 2024-10-15 20:45:09 +00:00
parent
e19186359a
commit
db7374e156
|
@ -380,7 +380,8 @@ Various services shipped with `systemd` consume credentials for tweaking behavio
|
||||||
to receive a notification via VSOCK when a virtual machine has finished booting.
|
to receive a notification via VSOCK when a virtual machine has finished booting.
|
||||||
Note that in case the hypervisor does not support `SOCK_DGRAM` over `AF_VSOCK`,
|
Note that in case the hypervisor does not support `SOCK_DGRAM` over `AF_VSOCK`,
|
||||||
`SOCK_SEQPACKET` will be tried instead. The credential payload should be in the
|
`SOCK_SEQPACKET` will be tried instead. The credential payload should be in the
|
||||||
form: `vsock:<CID>:<PORT>`. Also note that this requires support for VHOST to be
|
form: `vsock:<CID>:<PORT>`. `vsock` may be replaced with `vsock-stream`, `vsock-dgram` or `vsock-seqpacket`
|
||||||
|
to force usage of the corresponding socket type. Also note that this requires support for VHOST to be
|
||||||
built-in both the guest and the host kernels, and the kernel modules to be loaded.
|
built-in both the guest and the host kernels, and the kernel modules to be loaded.
|
||||||
|
|
||||||
* [`systemd-sysusers(8)`](https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html)
|
* [`systemd-sysusers(8)`](https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html)
|
||||||
|
|
|
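Review bot: The added sentence about `vsock-stream`, `vsock-dgram` and `vsock-seqpacket` follows directly after "`SOCK_SEQPACKET` will be tried instead" and does not say whether that fallback still applies once a socket type is forced. Suggest stating the outcome explicitly: whether a forced type disables the fallback, and what happens when the hypervisor does not support the forced type. The new line starting "form: `vsock:<CID>:<PORT>`." is also far longer than the wrapped lines around it and could be rewrapped.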
@ -485,12 +485,14 @@
|
||||||
<constant>AF_VSOCK</constant> address, which is useful for hypervisors/VMMs or other processes on the
|
<constant>AF_VSOCK</constant> address, which is useful for hypervisors/VMMs or other processes on the
|
||||||
host to receive a notification when a virtual machine has finished booting. Note that in case the
|
host to receive a notification when a virtual machine has finished booting. Note that in case the
|
||||||
hypervisor does not support <constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
|
hypervisor does not support <constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
|
||||||
<constant>SOCK_SEQPACKET</constant> will be used instead. The address should be in the form:
|
<constant>SOCK_SEQPACKET</constant> will be used instead. <literal>vsock-stream</literal>,
|
||||||
<literal>vsock:CID:PORT</literal>. Note that unlike other uses of vsock, the CID is mandatory and cannot
|
<literal>vsock-dgram</literal> and <literal>vsock-seqpacket</literal> can be used instead of
|
||||||
be <literal>VMADDR_CID_ANY</literal>. Note that PID1 will send the VSOCK packets from a privileged port
|
<literal>vsock</literal> to force usage of the corresponding socket type. The address should be in the
|
||||||
(i.e.: lower than 1024), as an attempt to address concerns that unprivileged processes in the guest might
|
form: <literal>vsock:CID:PORT</literal>. Note that unlike other uses of vsock, the CID is mandatory and
|
||||||
try to send malicious notifications to the host, driving it to make destructive decisions based on
|
cannot be <literal>VMADDR_CID_ANY</literal>. Note that PID1 will send the VSOCK packets from a
|
||||||
them.</para>
|
privileged port (i.e.: lower than 1024), as an attempt to address concerns that unprivileged processes in
|
||||||
|
the guest might try to send malicious notifications to the host, driving it to make destructive decisions
|
||||||
|
based on them.</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
|
|
|
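Review bot: The privileged-port paragraph still speaks of PID1 sending "the VSOCK packets from a privileged port", but the sentence added above it now allows `vsock-stream`, and the text does not say whether the source-port guarantee holds for the stream and seqpacket types as well. Host-side receivers rely on that port check to reject notifications from unprivileged guest processes, so the paragraph should state that it applies to every socket type, or name the ones where it does not. A smaller point: the forced-type sentence comes before "The address should be in the form", so the reader meets the variants before the base form; swapping the two sentences would read better.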
@ -221,7 +221,9 @@
|
||||||
<replaceable>x</replaceable> on a port <replaceable>y</replaceable> address in the
|
<replaceable>x</replaceable> on a port <replaceable>y</replaceable> address in the
|
||||||
<constant>AF_VSOCK</constant> family. The CID is a unique 32-bit integer identifier in
|
<constant>AF_VSOCK</constant> family. The CID is a unique 32-bit integer identifier in
|
||||||
<constant>AF_VSOCK</constant> analogous to an IP address. Specifying the CID is optional, and may be
|
<constant>AF_VSOCK</constant> analogous to an IP address. Specifying the CID is optional, and may be
|
||||||
set to the empty string.</para>
|
set to the empty string. <literal>vsock</literal> may be replaced with
|
||||||
|
<literal>vsock-stream</literal>, <literal>vsock-dgram</literal> or <literal>vsock-seqpacket</literal>
|
||||||
|
to force usage of the corresponding socket type.</para>
|
||||||
|
|
||||||
<para>Note that <constant>SOCK_SEQPACKET</constant> (i.e.
|
<para>Note that <constant>SOCK_SEQPACKET</constant> (i.e.
|
||||||
<varname>ListenSequentialPacket=</varname>) is only available
|
<varname>ListenSequentialPacket=</varname>) is only available
|
||||||
|
|
|
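Review bot: In this socket unit text the socket type is already selected by the directive (the next paragraph ties `SOCK_SEQPACKET` to `ListenSequentialPacket=`), so the added "to force usage of the corresponding socket type" leaves open what happens when the prefix and the directive disagree, for example a `vsock-dgram:` address under `ListenSequentialPacket=`. Suggest documenting whether such a combination is rejected when the unit is loaded or whether one of the two takes precedence.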
@ -1167,7 +1167,9 @@
|
||||||
<constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
|
<constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
|
||||||
<constant>SOCK_SEQPACKET</constant> will be tried instead. The credential payload for
|
<constant>SOCK_SEQPACKET</constant> will be tried instead. The credential payload for
|
||||||
<constant>AF_VSOCK</constant> should be a string in the form
|
<constant>AF_VSOCK</constant> should be a string in the form
|
||||||
<literal>vsock:CID:PORT</literal>.</para>
|
<literal>vsock:CID:PORT</literal>. <literal>vsock-stream</literal>, <literal>vsock-dgram</literal>
|
||||||
|
and <literal>vsock-seqpacket</literal> can be used instead of <literal>vsock</literal> to force
|
||||||
|
usage of the corresponding socket type.</para>
|
||||||
|
|
||||||
<para>This feature is useful for machine managers or other processes on the host to receive a
|
<para>This feature is useful for machine managers or other processes on the host to receive a
|
||||||
notification via VSOCK when a virtual machine has finished booting.</para>
|
notification via VSOCK when a virtual machine has finished booting.</para>
|
||||||
|
|
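Review bot: The added sentence lists `vsock-stream` as a forced type, but the surrounding text only describes `SOCK_DGRAM` with a `SOCK_SEQPACKET` fallback for plain `vsock:`, so it is unclear whether `SOCK_STREAM` is ever used unless it is forced. Since the machine manager on the host has to listen with a matching socket type, suggest spelling out which types plain `vsock:CID:PORT` tries and in what order. The wording here ("can be used instead of") also differs from the "may be replaced with" used for the same statement in two of the other hunks; one phrasing across all four would be easier to search for.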