mirror of
https://github.com/systemd/systemd
synced 2024-11-05 18:25:39 +00:00
5d1e8cd3e0
Let's make sure that user's cannot DoS services for other users so easily, and enable MaxConnectionsPerSocket= by default for all of them. Note that this is mostly paranoia for systemd-pcrextend.socket and systemd-sysext.socket: the socket is only accessible to root anyway, hence the accounting shouldn#t change anything. But this is just a safety net, in preparation that we open up some functionality of these services sooner or later.
21 lines
622 B
SYSTEMD
21 lines
622 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Credential Encryption/Decryption (Varlink)
|
|
Documentation=man:systemd-creds(1)
|
|
DefaultDependencies=no
|
|
Before=sockets.target
|
|
|
|
[Socket]
|
|
ListenStream=/run/systemd/io.systemd.Credentials
|
|
FileDescriptorName=varlink
|
|
SocketMode=0666
|
|
Accept=yes
|
|
MaxConnectionsPerSource=16
|