On Wed, Sep 27, 2023 at 06:19:27PM +0200, Andrea Bolognani wrote: > Only the main socket is actually necessary for the service to be > usable. > > In the past, we've had security issues that could be exploited via > access to the read-only socket, so a security-minded administrator > might consider disabling all optional sockets. This change makes > such a setup possible. > > Note that the services will still try to activate all their > sockets on startup, even if they have been disabled. To make sure > that the optional sockets are never started, they will have to be > masked. > > Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> > --- > src/locking/virtlockd.service.in | 2 +- > src/logging/virtlogd.service.in | 2 +- > src/virtd.service.in | 4 ++-- > 3 files changed, 4 insertions(+), 4 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
