Hi, I use ------------------------- snip ------------------------- [~]$ systemd --version systemd 252 (252.1-1) +PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified [~]$ uname -a Linux sappc1 6.0.0-4-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.0.8-1 (2022-11-11) x86_64 GNU/Linux ------------------------- snip ------------------------- on Debian testing. Without Gnome, if that matters, but rather with lightdm and fvwm3. The following works as expected: ------------------------- snip ------------------------- [~]$ systemd-run --scope -p IPAddressDeny=any /bin/bash ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ==== Authentication is required to manage system services or other units. Authenticating as: Farblos,,, (farblos) Password: ==== AUTHENTICATION COMPLETE ==== Running scope as unit: run-u294.scope [~]$ ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. ^C --- 8.8.8.8 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2052ms ------------------------- snip ------------------------- But with "--user" it does not, packets are not blocked: ------------------------- snip ------------------------- [~]$ systemd-run --user --scope -p IPAddressDeny=any /bin/bash Running scope as unit: run-r256958d66c5342048ef95da34ca76b68.scope [~]$ ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=30.4 ms ^C --- 8.8.8.8 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 30.432/30.432/30.432/0.000 ms ------------------------- snip ------------------------- I can imagine that the latter scenario is not supported or requires additional configuration (which?), but I have not found any hints on that, neither in systemd.resource-control(5) nor in [1.] or [8.] from that man page. Pointers and help appreciated. Jens
Using IPAddressAllow/IPAddressDeny on --user scopes
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Using IPAddressAllow/IPAddressDeny on --user scopes
- From: "Farblos" <AKFKQU.9DF7RP@xxxxxxxxxxxxxxx>
- Date: Tue, 13 Dec 2022 22:34:15 +0100
- Follow-Ups:
- Re: Using IPAddressAllow/IPAddressDeny on --user scopes
- From: Lennart Poettering
- Re: Using IPAddressAllow/IPAddressDeny on --user scopes
- Prev by Date: hwdb.d/60-sensors.hwdb: PROXIMITY_NEAR_LEVEL does not match the kernel documentation
- Next by Date: Trying to understand change in PCR 4 extension behavior
- Previous by thread: hwdb.d/60-sensors.hwdb: PROXIMITY_NEAR_LEVEL does not match the kernel documentation
- Next by thread: Re: Using IPAddressAllow/IPAddressDeny on --user scopes
- Index(es):
 |