mirror of
https://github.com/systemd/systemd
synced 2024-07-22 18:55:10 +00:00
parent
e19186359a
commit
db7374e156
|
@ -380,7 +380,8 @@ Various services shipped with `systemd` consume credentials for tweaking behavio
|
|||
to receive a notification via VSOCK when a virtual machine has finished booting.
|
||||
Note that in case the hypervisor does not support `SOCK_DGRAM` over `AF_VSOCK`,
|
||||
`SOCK_SEQPACKET` will be tried instead. The credential payload should be in the
|
||||
form: `vsock:<CID>:<PORT>`. Also note that this requires support for VHOST to be
|
||||
form: `vsock:<CID>:<PORT>`. `vsock` may be replaced with `vsock-stream`, `vsock-dgram` or `vsock-seqpacket`
|
||||
to force usage of the corresponding socket type. Also note that this requires support for VHOST to be
|
||||
built-in both the guest and the host kernels, and the kernel modules to be loaded.
|
||||
|
||||
* [`systemd-sysusers(8)`](https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html)
|
||||
|
|
|
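Review bot: The added sentence on `vsock-stream`, `vsock-dgram` and `vsock-seqpacket` does not say how forcing a type interacts with the fallback described just above it, where `SOCK_SEQPACKET` "will be tried instead" if the hypervisor lacks `SOCK_DGRAM` over `AF_VSOCK`. Suggest stating explicitly whether a forced type disables that fallback, so that whoever writes the host-side listener knows which socket type it has to accept. The two added lines also run well past the wrap width of the surrounding paragraph and could be rewrapped.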
@ -485,12 +485,14 @@
|
|||
<constant>AF_VSOCK</constant> address, which is useful for hypervisors/VMMs or other processes on the
|
||||
host to receive a notification when a virtual machine has finished booting. Note that in case the
|
||||
hypervisor does not support <constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
|
||||
<constant>SOCK_SEQPACKET</constant> will be used instead. The address should be in the form:
|
||||
<literal>vsock:CID:PORT</literal>. Note that unlike other uses of vsock, the CID is mandatory and cannot
|
||||
be <literal>VMADDR_CID_ANY</literal>. Note that PID1 will send the VSOCK packets from a privileged port
|
||||
(i.e.: lower than 1024), as an attempt to address concerns that unprivileged processes in the guest might
|
||||
try to send malicious notifications to the host, driving it to make destructive decisions based on
|
||||
them.</para>
|
||||
<constant>SOCK_SEQPACKET</constant> will be used instead. <literal>vsock-stream</literal>,
|
||||
<literal>vsock-dgram</literal> and <literal>vsock-seqpacket</literal> can be used instead of
|
||||
<literal>vsock</literal> to force usage of the corresponding socket type. The address should be in the
|
||||
form: <literal>vsock:CID:PORT</literal>. Note that unlike other uses of vsock, the CID is mandatory and
|
||||
cannot be <literal>VMADDR_CID_ANY</literal>. Note that PID1 will send the VSOCK packets from a
|
||||
privileged port (i.e.: lower than 1024), as an attempt to address concerns that unprivileged processes in
|
||||
the guest might try to send malicious notifications to the host, driving it to make destructive decisions
|
||||
based on them.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
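Review bot: The privileged-port sentence at the end of this paragraph still speaks of PID1 sending "the VSOCK packets" from a port lower than 1024, and with the new forced types the text does not say whether that source-port behaviour also holds for `vsock-stream` and `vsock-seqpacket`. Since the paragraph presents the port as the answer to unprivileged guest processes sending malicious notifications to the host, it should state that it applies to every forced type, or name the exceptions. Also consider moving the new sentence after "The address should be in the form: `vsock:CID:PORT`", so the base form is introduced before its variants, as the last hunk of this patch does.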
@ -221,7 +221,9 @@
|
|||
<replaceable>x</replaceable> on a port <replaceable>y</replaceable> address in the
|
||||
<constant>AF_VSOCK</constant> family. The CID is a unique 32-bit integer identifier in
|
||||
<constant>AF_VSOCK</constant> analogous to an IP address. Specifying the CID is optional, and may be
|
||||
set to the empty string.</para>
|
||||
set to the empty string. <literal>vsock</literal> may be replaced with
|
||||
<literal>vsock-stream</literal>, <literal>vsock-dgram</literal> or <literal>vsock-seqpacket</literal>
|
||||
to force usage of the corresponding socket type.</para>
|
||||
|
||||
<para>Note that <constant>SOCK_SEQPACKET</constant> (i.e.
|
||||
<varname>ListenSequentialPacket=</varname>) is only available
|
||||
|
|
|
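Review bot: In this paragraph the socket type is already implied by the directive (the following context ties `SOCK_SEQPACKET` to `ListenSequentialPacket=`), so the added sentence leaves open what happens when the prefix and the directive disagree, for example a `vsock-dgram:` address given to `ListenSequentialPacket=`. Suggest documenting whether such a mismatch is rejected when the unit is loaded or whether one of the two takes precedence.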
@ -1167,7 +1167,9 @@
|
|||
<constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
|
||||
<constant>SOCK_SEQPACKET</constant> will be tried instead. The credential payload for
|
||||
<constant>AF_VSOCK</constant> should be a string in the form
|
||||
<literal>vsock:CID:PORT</literal>.</para>
|
||||
<literal>vsock:CID:PORT</literal>. <literal>vsock-stream</literal>, <literal>vsock-dgram</literal>
|
||||
and <literal>vsock-seqpacket</literal> can be used instead of <literal>vsock</literal> to force
|
||||
usage of the corresponding socket type.</para>
|
||||
|
||||
<para>This feature is useful for machine managers or other processes on the host to receive a
|
||||
notification via VSOCK when a virtual machine has finished booting.</para>
|
||||
|
|
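Review bot: The format literal stays `vsock:CID:PORT` and the typed variants are described only in prose, so the reader has to infer that the `:CID:PORT` part carries over unchanged to `vsock-stream`, `vsock-dgram` and `vsock-seqpacket`. Suggest spelling out one typed form alongside the literal. The phrasing also differs between the four places this patch touches ("may be replaced with" in two hunks, "can be used instead of" in the other two); a single wording would make the descriptions easier to keep in sync.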