diff options
| author | Lennart Poettering <lennart@poettering.net> | 2024-02-07 10:11:44 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2024-02-12 11:57:16 +0100 |
| commit | 48930a5ded1a35ccebe11a4c904f298be708ad07 (patch) | |
| tree | 5d3ddab8c6033e0bbf8eec2015d548f7a33aeaf3 /man | |
| parent | Merge pull request #30209 from yuwata/sd-journal-reduce-fstat (diff) | |
| download | systemd-48930a5ded1a35ccebe11a4c904f298be708ad07.tar.xz systemd-48930a5ded1a35ccebe11a4c904f298be708ad07.zip | |
pid1: make MaxConnectionsPerSource= also work for AF_UNIX sockets
The setting currently puts limits on connections per IP address and
AF_UNIX CID. Let's extend it to cover AF_UNIX too, where it puts a limit
on connections per UID.
This is particularly useful for the various Accept=yes Varlink services
we now have, as it means, the number of per-user instance services
cannot grow without bounds.
Diffstat (limited to 'man')
| -rw-r--r-- | man/systemd.socket.xml | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index 0c74d5b2a9..1ac97ae137 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml @@ -470,9 +470,10 @@ <varlistentry> <term><varname>MaxConnectionsPerSource=</varname></term> - <listitem><para>The maximum number of connections for a service per source IP address. - This is very similar to the <varname>MaxConnections=</varname> directive - above. Disabled by default.</para> + <listitem><para>The maximum number of connections for a service per source IP address (in case of + IPv4/IPv6), per source CID (in case of <constant>AF_VSOCK</constant>), or source UID (in case of + <constant>AF_UNIX</constant>). This is very similar to the <varname>MaxConnections=</varname> + directive above. Disabled by default.</para> <xi:include href="version-info.xml" xpointer="v232"/> </listitem> |