Document new vsock literals

Fixes #31849
Daan De Meyer 2024-03-19 12:29:49 +01:00 committed by Luca Boccassi
parent e19186359a
commit db7374e156
4 changed files with 16 additions and 9 deletions

@ -380,7 +380,8 @@ Various services shipped with `systemd` consume credentials for tweaking behavio
to receive a notification via VSOCK when a virtual machine has finished booting. to receive a notification via VSOCK when a virtual machine has finished booting.
Note that in case the hypervisor does not support `SOCK_DGRAM` over `AF_VSOCK`, Note that in case the hypervisor does not support `SOCK_DGRAM` over `AF_VSOCK`,
`SOCK_SEQPACKET` will be tried instead. The credential payload should be in the `SOCK_SEQPACKET` will be tried instead. The credential payload should be in the
form: `vsock:<CID>:<PORT>`. Also note that this requires support for VHOST to be form: `vsock:<CID>:<PORT>`. `vsock` may be replaced with `vsock-stream`, `vsock-dgram` or `vsock-seqpacket`
to force usage of the corresponding socket type. Also note that this requires support for VHOST to be
built-in both the guest and the host kernels, and the kernel modules to be loaded. built-in both the guest and the host kernels, and the kernel modules to be loaded.
* [`systemd-sysusers(8)`](https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html) * [`systemd-sysusers(8)`](https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html)
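Review bot: The new sentence leaves the preceding fallback rule ambiguous: the text still says `SOCK_SEQPACKET` will be tried if the hypervisor lacks `SOCK_DGRAM`, but does not say whether that fallback applies only to the plain `vsock` prefix or also when `vsock-dgram` is given. Since the point of the new literals is to "force" a socket type, state explicitly that with a forced type no fallback happens and what the caller sees if the hypervisor does not support it, e.g. "If a socket type is forced and the hypervisor does not support it, no fallback is attempted." Also note the unchanged context reads "built-in both the guest and the host kernels"; "built into both the guest and the host kernels" would be correct, if you want to fix it while touching this paragraph.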

@ -485,12 +485,14 @@
<constant>AF_VSOCK</constant> address, which is useful for hypervisors/VMMs or other processes on the <constant>AF_VSOCK</constant> address, which is useful for hypervisors/VMMs or other processes on the
host to receive a notification when a virtual machine has finished booting. Note that in case the host to receive a notification when a virtual machine has finished booting. Note that in case the
hypervisor does not support <constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>, hypervisor does not support <constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
<constant>SOCK_SEQPACKET</constant> will be used instead. The address should be in the form: <constant>SOCK_SEQPACKET</constant> will be used instead. <literal>vsock-stream</literal>,
<literal>vsock:CID:PORT</literal>. Note that unlike other uses of vsock, the CID is mandatory and cannot <literal>vsock-dgram</literal> and <literal>vsock-seqpacket</literal> can be used instead of
be <literal>VMADDR_CID_ANY</literal>. Note that PID1 will send the VSOCK packets from a privileged port <literal>vsock</literal> to force usage of the corresponding socket type. The address should be in the
(i.e.: lower than 1024), as an attempt to address concerns that unprivileged processes in the guest might form: <literal>vsock:CID:PORT</literal>. Note that unlike other uses of vsock, the CID is mandatory and
try to send malicious notifications to the host, driving it to make destructive decisions based on cannot be <literal>VMADDR_CID_ANY</literal>. Note that PID1 will send the VSOCK packets from a
them.</para> privileged port (i.e.: lower than 1024), as an attempt to address concerns that unprivileged processes in
the guest might try to send malicious notifications to the host, driving it to make destructive decisions
based on them.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
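Review bot: The inserted sentence introduces `vsock-stream`, `vsock-dgram` and `vsock-seqpacket` before the reader has seen the base form `vsock:CID:PORT`, so "used instead of vsock" refers to something not yet defined. Move the new sentence after "The address should be in the form: <literal>vsock:CID:PORT</literal>." so the base literal comes first. Separately, the paragraph's privileged-port statement is phrased in terms of "VSOCK packets"; now that stream sockets are documented here, please confirm and state that the source port restriction also holds for `vsock-stream` connections, since that guarantee is what the host side is told it can rely on.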

@ -221,7 +221,9 @@
<replaceable>x</replaceable> on a port <replaceable>y</replaceable> address in the <replaceable>x</replaceable> on a port <replaceable>y</replaceable> address in the
<constant>AF_VSOCK</constant> family. The CID is a unique 32-bit integer identifier in <constant>AF_VSOCK</constant> family. The CID is a unique 32-bit integer identifier in
<constant>AF_VSOCK</constant> analogous to an IP address. Specifying the CID is optional, and may be <constant>AF_VSOCK</constant> analogous to an IP address. Specifying the CID is optional, and may be
set to the empty string.</para> set to the empty string. <literal>vsock</literal> may be replaced with
<literal>vsock-stream</literal>, <literal>vsock-dgram</literal> or <literal>vsock-seqpacket</literal>
to force usage of the corresponding socket type.</para>
<para>Note that <constant>SOCK_SEQPACKET</constant> (i.e. <para>Note that <constant>SOCK_SEQPACKET</constant> (i.e.
<varname>ListenSequentialPacket=</varname>) is only available <varname>ListenSequentialPacket=</varname>) is only available
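Review bot: In this context the socket type is already determined by the directive (`ListenStream=`, `ListenDatagram=`, `ListenSequentialPacket=`, the last of which is visible just below), so "force usage of the corresponding socket type" does not say what happens when the literal disagrees with the directive, e.g. `ListenStream=vsock-dgram:x:y`. Document the interaction: either the two must match and a mismatch is rejected, or one takes precedence; without that, a reader cannot tell whether this is a validation aid or an override.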

@ -1167,7 +1167,9 @@
<constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>, <constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
<constant>SOCK_SEQPACKET</constant> will be tried instead. The credential payload for <constant>SOCK_SEQPACKET</constant> will be tried instead. The credential payload for
<constant>AF_VSOCK</constant> should be a string in the form <constant>AF_VSOCK</constant> should be a string in the form
<literal>vsock:CID:PORT</literal>.</para> <literal>vsock:CID:PORT</literal>. <literal>vsock-stream</literal>, <literal>vsock-dgram</literal>
and <literal>vsock-seqpacket</literal> can be used instead of <literal>vsock</literal> to force
usage of the corresponding socket type.</para>
<para>This feature is useful for machine managers or other processes on the host to receive a <para>This feature is useful for machine managers or other processes on the host to receive a
notification via VSOCK when a virtual machine has finished booting.</para> notification via VSOCK when a virtual machine has finished booting.</para>
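Review bot: After this change, "should be a string in the form <literal>vsock:CID:PORT</literal>" no longer describes all accepted payloads; consider stating the form as `vsock[-TYPE]:CID:PORT` or otherwise making clear that the prefix is the only part that varies. Also, this hunk and the `CREDENTIALS.md` hunk in the same commit phrase the rule differently ("can be used instead of" here, "may be replaced with" there); pick one wording for both so the man page and the markdown document stay in sync when one is next edited.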