author | Luca Boccassi <bluca@debian.org> | 2023-04-28 00:23:30 +0200 |
---|---|---|
committer | Luca Boccassi <bluca@debian.org> | 2023-05-19 16:18:23 +0200 |
commit | d936595672cf3ee7c1c547f8fd30512f82be8784 (patch) | |
tree | d9828ff3c9b9387e78013adbb3f7ee824669f8cc /man/org.freedesktop.systemd1.xml | |
parent | ratelimit: add ratelimit_left helper (diff) | |
download | systemd-d936595672cf3ee7c1c547f8fd30512f82be8784.tar.xz systemd-d936595672cf3ee7c1c547f8fd30512f82be8784.zip |
manager: restrict Dump*() to privileged callers or ratelimit
Dump*() methods can take quite some time due to the amount of data to
serialize, so they can potentially stall the manager. Make them
privileged, as they are debugging tools anyway. Use a new 'dump'
capability for polkit, and the 'reload' capability for SELinux, as
that's also non-destructive but slow.
If the caller is not privileged, allow it but rate limited to 10 calls
every 10 minutes.
Diffstat (limited to 'man/org.freedesktop.systemd1.xml')
-rw-r--r-- | man/org.freedesktop.systemd1.xml | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 38fd7098aa..0835481f37 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -1403,7 +1403,8 @@ node /org/freedesktop/systemd1 { <function>DumpByFileDescriptor()</function>/<function>DumpUnitsMatchingPatternsByFileDescriptor()</function> are usually the preferred interface, since it ensures the data can be passed reliably from the service manager to the client. Note though that they cannot work when communicating with the service manager - remotely, as file descriptors are strictly local to a system.</para> + remotely, as file descriptors are strictly local to a system. All the <function>Dump*()</function> + methods are rate limited for unprivileged users.</para> <para><function>Reload()</function> may be invoked to reload all unit files.</para> @@ -1778,7 +1779,9 @@ node /org/freedesktop/systemd1 { <function>UnsetAndSetEnvironment()</function>) require <interfacename>org.freedesktop.systemd1.set-environment</interfacename>. <function>Reload()</function> and <function>Reexecute()</function> require - <interfacename>org.freedesktop.systemd1.reload-daemon</interfacename>. + <interfacename>org.freedesktop.systemd1.reload-daemon</interfacename>. Operations which dump internal + state require <interfacename>org.freedesktop.systemd1.bypass-dump-ratelimit</interfacename> to avoid + rate limits. </para> </refsect2> </refsect1> |
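Review bot: the sentence added at the end of the first hunk ("All the Dump*() methods are rate limited for unprivileged users.") does not say what the limit is or what a caller gets back once it is exceeded. The commit message gives 10 calls every 10 minutes; either state that figure here or say explicitly that the value is an implementation detail. Also document the error returned to a rate-limited caller, so that clients can tell it apart from other failures. A short pointer to how a caller counts as privileged would help too, since the polkit action is only named in the later security section.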
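Review bot: in the second hunk, "Operations which dump internal state" is vaguer than the neighbouring sentences, which name the methods they cover (Reload(), Reexecute()). Name the Dump*() methods in function tags the same way, so a reader can match the action to the calls. The wording also differs from the commit message, which speaks of a 'dump' capability and of making the methods privileged, while the action documented here is org.freedesktop.systemd1.bypass-dump-ratelimit and unprivileged calls stay allowed; the two should use the same terms. The SELinux 'reload' permission mentioned in the commit message is not covered by this hunk; if this paragraph is meant to be polkit-only that is fine, but it is worth confirming the SELinux requirement is documented where the man page describes access control.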