Hello. On Fri, Jan 10, 2025 at 05:03:27PM +0000, "Fox, Kevin M" <Kevin.Fox@xxxxxxxx> wrote: > Is there a way to set `RestrictAddressFamilies=~AF_VSOCK` globally on > all units unless they have RestrictAddressFamilies set that allows it? With a generic service.d/num-restric.conf drop-in, see example with 10-all.conf in systemd.unit(5). The selected services would need a higher drop-in that would allow it again. HTH, Michal
Attachment:
signature.asc
Description: PGP signature
