/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to dracut-module/ask-password-mandos.service

  • Committer: Teddy Hogeborn
  • Date: 2024-11-17 17:28:47 UTC
  • mto: This revision was merged to the branch mainline in revision 412.
  • Revision ID: teddy@recompile.se-20241117172847-3bon1o16owybrmoo
mandos: Make configured network socket non-inheritable

If we are passed a pre-created created network socket as a file
descriptor, we should make it non-inheritable to checkers and other
subprocesses.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
# -*- systemd -*-
2
2
3
 
# Copyright © 2019 Teddy Hogeborn
4
 
# Copyright © 2019 Björn Påhlsson
 
3
# Copyright © 2019-2023 Teddy Hogeborn
 
4
# Copyright © 2019-2023 Björn Påhlsson
5
5
6
6
# This file is part of Mandos.
7
7
48
48
ConditionPathIsMountPoint=!/sysroot
49
49
 
50
50
[Service]
51
 
ExecStart=/lib/mandos/password-agent -- /lib/mandos/mandos-client --pubkey=/etc/mandos/keys/pubkey.txt --seckey=/etc/mandos/keys/seckey.txt --tls-pubkey=/etc/mandos/keys/tls-pubkey.pem --tls-privkey=/etc/mandos/keys/tls-privkey.pem
 
51
ExecStart=/lib/mandos/password-agent $PASSWORD_AGENT_OPTIONS -- /lib/mandos/mandos-client --pubkey=/etc/mandos/keys/pubkey.txt --seckey=/etc/mandos/keys/seckey.txt --tls-pubkey=/etc/mandos/keys/tls-pubkey.pem --tls-privkey=/etc/mandos/keys/tls-privkey.pem $MANDOS_CLIENT_OPTIONS
 
52
#
 
53
# Please keep the above line intact, exactly as it is!  To add extra
 
54
# options to mandos-client, instead create an override file (e.g. with
 
55
# the command "systemctl edit --force ask-password-mandos.service"),
 
56
# and, in that file, put something like the following:
 
57
#
 
58
#       [Service]
 
59
#       Environment=MANDOS_CLIENT_OPTIONS=--debug
 
60
#
 
61
# Rebuild the initramfs using this command:
 
62
#
 
63
#       dpkg-reconfigure dracut
 
64
#
 
65
# Once the system has booted (possibly by typing in the password
 
66
# manually), you can see the log using this command:
 
67
#
 
68
#       journalctl --unit=ask-password-mandos.service
 
69
#
 
70
# Lastly, to remove the override file with extra options, run:
 
71
#
 
72
#       systemctl revert ask-password-mandos.service
 
73
#
 
74
# And rebuild the initramfs again, as above.