mirror of
https://github.com/systemd/systemd.git
synced 2024-11-26 19:53:45 +08:00
5d1e8cd3e0
Let's make sure that user's cannot DoS services for other users so easily, and enable MaxConnectionsPerSocket= by default for all of them. Note that this is mostly paranoia for systemd-pcrextend.socket and systemd-sysext.socket: the socket is only accessible to root anyway, hence the accounting shouldn#t change anything. But this is just a safety net, in preparation that we open up some functionality of these services sooner or later.
23 lines
643 B
SYSTEMD
23 lines
643 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Process Core Dump Socket
|
|
Documentation=man:systemd-coredump(8)
|
|
DefaultDependencies=no
|
|
Before=shutdown.target systemd-sysctl.service
|
|
Conflicts=shutdown.target
|
|
|
|
[Socket]
|
|
ListenSequentialPacket=/run/systemd/coredump
|
|
SocketMode=0600
|
|
Accept=yes
|
|
MaxConnections=16
|
|
MaxConnectionsPerSource=8
|