]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 52e6c18)
units: tag all .varlink sockets with the right xattrs
authorLennart Poettering <lennart@amutable.com>
Wed, 3 Jun 2026 06:37:03 +0000 (08:37 +0200)
committerLennart Poettering <lennart@amutable.com>
Tue, 23 Jun 2026 21:10:01 +0000 (23:10 +0200)
This also relaxes the inode access modes a bit, in case they were set to
0600: we now set the "r" bit too, i.e. use 0644. This is beneficial
since it permits unpriv code to read the xattrs of the entrypoints
(which require read access). Note that in order to be able to connect()
to a socket inode you need write access, hence this shouldn't compromise
security in any way.

39 files changed:
units/systemd-ask-password.socket patch | blob | blame | history
units/systemd-bootctl.socket patch | blob | blame | history
units/systemd-creds.socket patch | blob | blame | history
units/systemd-factory-reset.socket patch | blob | blame | history
units/systemd-hostnamed.socket patch | blob | blame | history
units/systemd-imds-metrics.socket patch | blob | blame | history
units/systemd-imdsd.socket patch | blob | blame | history
units/systemd-importd.socket patch | blob | blame | history
units/systemd-journalctl.socket patch | blob | blame | history
units/systemd-journald-varlink@.socket patch | blob | blame | history
units/systemd-logind-varlink.socket patch | blob | blame | history
units/systemd-machined.socket patch | blob | blame | history
units/systemd-mountfsd.socket patch | blob | blame | history
units/systemd-mute-console.socket patch | blob | blame | history
units/systemd-networkd-resolve-hook.socket patch | blob | blame | history
units/systemd-networkd-varlink-metrics.socket patch | blob | blame | history
units/systemd-networkd-varlink.socket patch | blob | blame | history
units/systemd-nsresourced.socket patch | blob | blame | history
units/systemd-oomd.socket patch | blob | blame | history
units/systemd-pcrextend.socket patch | blob | blame | history
units/systemd-pcrlock.socket patch | blob | blame | history
units/systemd-repart.socket patch | blob | blame | history
units/systemd-report-basic.socket patch | blob | blame | history
units/systemd-report-cgroup.socket patch | blob | blame | history
units/systemd-report-files.socket patch | blob | blame | history
units/systemd-report-sign-plain.socket patch | blob | blame | history
units/systemd-report-sign-tsm.socket patch | blob | blame | history
units/systemd-resolved-monitor.socket patch | blob | blame | history
units/systemd-resolved-varlink.socket patch | blob | blame | history
units/systemd-storage-block.socket patch | blob | blame | history
units/systemd-storage-fs.socket patch | blob | blame | history
units/systemd-sysext.socket patch | blob | blame | history
units/systemd-udevd-varlink.socket patch | blob | blame | history
units/systemd-userdbd.socket patch | blob | blame | history
units/user/systemd-ask-password.socket patch | blob | blame | history
units/user/systemd-importd.socket patch | blob | blame | history
units/user/systemd-journalctl.socket patch | blob | blame | history
units/user/systemd-machined.socket patch | blob | blame | history
units/user/systemd-storage-fs.socket patch | blob | blame | history

diff --git a/units/systemd-ask-password.socket b/units/systemd-ask-password.socket
index df5eaffc22bd1698f70b65c39190360917ac71a6..4251ecabf49793315cb41c2ed79a4c3c30858862 100644 (file)
--- a/units/systemd-ask-password.socket
+++ b/units/systemd-ask-password.socket
@@ -20,3 +20,6 @@ FileDescriptorName=varlink
 SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
diff --git a/units/systemd-bootctl.socket b/units/systemd-bootctl.socket
index e720f24f54382ae66e36e909f002d30ffd945f99..64b42e3ce1c48b4fade3094831caebbcecee265f 100644 (file)
--- a/units/systemd-bootctl.socket
+++ b/units/systemd-bootctl.socket
@@ -18,6 +18,9 @@ Before=sockets.target
 ListenStream=/run/systemd/io.systemd.BootControl
 Symlinks=/run/varlink/registry/io.systemd.BootControl
 FileDescriptorName=varlink
-SocketMode=0600
+SocketMode=0644
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
diff --git a/units/systemd-creds.socket b/units/systemd-creds.socket
index 3ea3ca5b05398f721ae22d4e36aeeba2ea9c0b55..452c4d2bcb6028fc1f33a110eb67bae7cee27144 100644 (file)
--- a/units/systemd-creds.socket
+++ b/units/systemd-creds.socket
@@ -20,3 +20,6 @@ FileDescriptorName=varlink
 SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
diff --git a/units/systemd-factory-reset.socket b/units/systemd-factory-reset.socket
index 467517ec24b79028f1c1cd37d23f240774d5190c..bba00e0fa9593ba3901034bd26ed77054e628f4c 100644 (file)
--- a/units/systemd-factory-reset.socket
+++ b/units/systemd-factory-reset.socket
@@ -20,6 +20,9 @@ FileDescriptorName=varlink
 SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-hostnamed.socket b/units/systemd-hostnamed.socket
index f84853ade8af26b294508e98610f5341e5990fda..da938ba01979d73e3075bbfbd197e5e4b27a29d4 100644 (file)
--- a/units/systemd-hostnamed.socket
+++ b/units/systemd-hostnamed.socket
@@ -21,3 +21,5 @@ ListenStream=/run/systemd/io.systemd.Hostname
 Symlinks=/run/varlink/registry/io.systemd.Hostname
 FileDescriptorName=varlink
 SocketMode=0666
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
diff --git a/units/systemd-imds-metrics.socket b/units/systemd-imds-metrics.socket
index f71a31e5b9adc22802a6eab9ac3384eed5899e06..e828864010b9a4fad2452df0ea1e94178f93ca8d 100644 (file)
--- a/units/systemd-imds-metrics.socket
+++ b/units/systemd-imds-metrics.socket
@@ -20,3 +20,6 @@ SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
 RemoveOnStop=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
diff --git a/units/systemd-imdsd.socket b/units/systemd-imdsd.socket
index daeb7840b3ec0176bdc42a4e554b648d795dc71a..20d8eb390334641ebbe2c97d66c08f81064d5415 100644 (file)
--- a/units/systemd-imdsd.socket
+++ b/units/systemd-imdsd.socket
@@ -21,6 +21,9 @@ SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
 RemoveOnStop=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 # Note that this is typically pulled in automatically by
 # systemd-imds-generator, but you can also enable it manually if you like.
diff --git a/units/systemd-importd.socket b/units/systemd-importd.socket
index a538ef0d0e0029fb271be00e8336aa236378f527..0fe7edce66b4d1b56daf197aebe0cad2eefe4a5a 100644 (file)
--- a/units/systemd-importd.socket
+++ b/units/systemd-importd.socket
@@ -23,3 +23,5 @@ ListenStream=/run/systemd/io.systemd.Import
 Symlinks=/run/varlink/registry/io.systemd.Import
 FileDescriptorName=varlink
 SocketMode=0666
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
diff --git a/units/systemd-journalctl.socket b/units/systemd-journalctl.socket
index 59d0af3449593abaa26b2b6930c5e54a4d4ede7e..7284b539aa0e84e0e746cb860f4ee15a12d7e06f 100644 (file)
--- a/units/systemd-journalctl.socket
+++ b/units/systemd-journalctl.socket
@@ -19,6 +19,9 @@ ListenStream=/run/systemd/io.systemd.JournalAccess
 Symlinks=/run/varlink/registry/io.systemd.JournalAccess
 FileDescriptorName=varlink
 SocketGroup=systemd-journal
-SocketMode=0660
+SocketMode=0664
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
diff --git a/units/systemd-journald-varlink@.socket b/units/systemd-journald-varlink@.socket
index e48a93c202b1531e760a8fbe23e25e139646cdd7..c8d09b93d4773b95e2b598cea9a352d647e32cc6 100644 (file)
--- a/units/systemd-journald-varlink@.socket
+++ b/units/systemd-journald-varlink@.socket
@@ -16,3 +16,5 @@ StopWhenUnneeded=yes
 Service=systemd-journald@%i.service
 ListenStream=/run/systemd/journal.%i/io.systemd.journal
 SocketMode=0666
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
diff --git a/units/systemd-logind-varlink.socket b/units/systemd-logind-varlink.socket
index 377eac7006fdf57418cbd38f248e9106ef741758..83cd5ece8c5e322b5a788d6d532cc283bbf32be2 100644 (file)
--- a/units/systemd-logind-varlink.socket
+++ b/units/systemd-logind-varlink.socket
@@ -17,3 +17,5 @@ Symlinks=/run/varlink/registry/io.systemd.Login /run/varlink/registry/io.systemd
 FileDescriptorName=varlink
 SocketMode=0666
 Service=systemd-logind.service
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
diff --git a/units/systemd-machined.socket b/units/systemd-machined.socket
index 75a91bb0cccab4f549d89aa479395ab3dbb51d7b..dbabd9376cdc2294f97eac7f446e2fba79eff867 100644 (file)
--- a/units/systemd-machined.socket
+++ b/units/systemd-machined.socket
@@ -16,3 +16,5 @@ ListenStream=/run/systemd/machine/io.systemd.Machine
 Symlinks=/run/systemd/machine/io.systemd.MachineImage /run/varlink/registry/io.systemd.Machine /run/varlink/registry/io.systemd.MachineImage
 FileDescriptorName=varlink
 SocketMode=0666
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
diff --git a/units/systemd-mountfsd.socket b/units/systemd-mountfsd.socket
index a3e19cc418cb5e9e6ea53adae39e93d18bd0e8a6..46dfb021dd24d8bb20fb5da493c99440f9d5aaa2 100644 (file)
--- a/units/systemd-mountfsd.socket
+++ b/units/systemd-mountfsd.socket
@@ -20,6 +20,8 @@ ListenStream=/run/systemd/io.systemd.MountFileSystem
 Symlinks=/run/varlink/registry/io.systemd.MountFileSystem
 FileDescriptorName=varlink
 SocketMode=0666
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-mute-console.socket b/units/systemd-mute-console.socket
index 5eae6d5acd0ad6b703f91179823fd59d864f96a0..1b7ce2bfdb2f957a875c0c71f29552bfc0c6a686 100644 (file)
--- a/units/systemd-mute-console.socket
+++ b/units/systemd-mute-console.socket
@@ -19,6 +19,9 @@ Before=shutdown.target
 ListenStream=/run/systemd/io.systemd.MuteConsole
 Symlinks=/run/varlink/registry/io.systemd.MuteConsole
 FileDescriptorName=varlink
-SocketMode=0600
+SocketMode=0644
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
diff --git a/units/systemd-networkd-resolve-hook.socket b/units/systemd-networkd-resolve-hook.socket
index 07b596319b4b5b8a7148bb704095f31a5983dfc5..e56697e77f628bf584175d4db416507fab56df4d 100644 (file)
--- a/units/systemd-networkd-resolve-hook.socket
+++ b/units/systemd-networkd-resolve-hook.socket
@@ -22,6 +22,8 @@ FileDescriptorName=resolve-hook
 SocketMode=0666
 Service=systemd-networkd.service
 RemoveOnStop=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-networkd-varlink-metrics.socket b/units/systemd-networkd-varlink-metrics.socket
index 562cc6b7f2b7200ee4e1e4629cc62c19dd08e942..3ae15c13bc6ffc6648877cdd1d8d727b60a6bbb9 100644 (file)
--- a/units/systemd-networkd-varlink-metrics.socket
+++ b/units/systemd-networkd-varlink-metrics.socket
@@ -20,6 +20,8 @@ ListenStream=/run/systemd/report/io.systemd.Network
 FileDescriptorName=varlink-metrics
 SocketMode=0666
 Service=systemd-networkd.service
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-networkd-varlink.socket b/units/systemd-networkd-varlink.socket
index 1f4db858bc6adf0c60aa492be5e038cea2031072..264e81f602de575ab8d57b9f6c799df24459e9ca 100644 (file)
--- a/units/systemd-networkd-varlink.socket
+++ b/units/systemd-networkd-varlink.socket
@@ -21,6 +21,8 @@ Symlinks=/run/varlink/registry/io.systemd.Network
 FileDescriptorName=varlink
 SocketMode=0666
 Service=systemd-networkd.service
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-nsresourced.socket b/units/systemd-nsresourced.socket
index 6b4a883df302114c0a1209da569d4af292837256..2840be43e20aa4ccb21fd3c9d5e42f0937f73c97 100644 (file)
--- a/units/systemd-nsresourced.socket
+++ b/units/systemd-nsresourced.socket
@@ -20,6 +20,8 @@ ListenStream=/run/systemd/io.systemd.NamespaceResource
 Symlinks=/run/systemd/userdb/io.systemd.NamespaceResource /run/varlink/registry/io.systemd.NamespaceResource
 FileDescriptorName=varlink
 SocketMode=0666
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-oomd.socket b/units/systemd-oomd.socket
index 4e24342f5815fba9eec04275f806862f8512fc2c..9b0f822d9e57400efbc917e2f6564d4fb37a163c 100644 (file)
--- a/units/systemd-oomd.socket
+++ b/units/systemd-oomd.socket
@@ -22,6 +22,8 @@ ConditionPathExists=/proc/pressure/memory
 ListenStream=/run/systemd/oom/io.systemd.ManagedOOM
 SocketMode=0666
 RemoveOnStop=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-pcrextend.socket b/units/systemd-pcrextend.socket
index 0f4ab11e2fd3c5c413840f75e9a4dba99835dc9a..2be4e51a253c1f4e733af39aabc7a2cf8f1fd660 100644 (file)
--- a/units/systemd-pcrextend.socket
+++ b/units/systemd-pcrextend.socket
@@ -19,9 +19,12 @@ ConditionSecurity=measured-os
 ListenStream=/run/systemd/io.systemd.PCRExtend
 Symlinks=/run/varlink/registry/io.systemd.PCRExtend
 FileDescriptorName=varlink
-SocketMode=0600
+SocketMode=0644
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-pcrlock.socket b/units/systemd-pcrlock.socket
index efb68186832dfdf25bbe2278cae8c0e63d723a27..637462bb4128c14afbcedf400decd0fee2b6af3a 100644 (file)
--- a/units/systemd-pcrlock.socket
+++ b/units/systemd-pcrlock.socket
@@ -19,6 +19,9 @@ ConditionSecurity=measured-uki
 ListenStream=/run/systemd/io.systemd.PCRLock
 Symlinks=/run/varlink/registry/io.systemd.PCRLock
 FileDescriptorName=varlink
-SocketMode=0600
+SocketMode=0644
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
diff --git a/units/systemd-repart.socket b/units/systemd-repart.socket
index ecd275414d54016ce40b2170835883846febd1d0..b79505fe07981d72d7059795b3206efc85c1d681 100644 (file)
--- a/units/systemd-repart.socket
+++ b/units/systemd-repart.socket
@@ -19,6 +19,9 @@ Before=shutdown.target
 ListenStream=/run/systemd/io.systemd.Repart
 Symlinks=/run/varlink/registry/io.systemd.Repart
 FileDescriptorName=varlink
-SocketMode=0600
+SocketMode=0644
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
diff --git a/units/systemd-report-basic.socket b/units/systemd-report-basic.socket
index ba5d88c8e7e21fb1497d9d35f1d0b087660f48c9..f31dab50e25704741af8d98f209b8cb15032cab0 100644 (file)
--- a/units/systemd-report-basic.socket
+++ b/units/systemd-report-basic.socket
@@ -18,6 +18,9 @@ SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
 RemoveOnStop=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-report-cgroup.socket b/units/systemd-report-cgroup.socket
index 39a867cd40c85b52983a94393f5396a17e2f8043..2168129a7af8f1b0134e0a36dfa303bcda9a7d4a 100644 (file)
--- a/units/systemd-report-cgroup.socket
+++ b/units/systemd-report-cgroup.socket
@@ -20,6 +20,9 @@ SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
 RemoveOnStop=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-report-files.socket b/units/systemd-report-files.socket
index f37c508cf6ba4a4890f8d8b112c644984d71b985..b5e6491a10aa441913bd0a63b5500beacf68af71 100644 (file)
--- a/units/systemd-report-files.socket
+++ b/units/systemd-report-files.socket
@@ -21,6 +21,9 @@ SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
 RemoveOnStop=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-report-sign-plain.socket b/units/systemd-report-sign-plain.socket
index 4a6dea580d638b1e5209c044897c3c8b28c18ef2..7c3c50170917d4460880b4f0ab7b0419c5363d86 100644 (file)
--- a/units/systemd-report-sign-plain.socket
+++ b/units/systemd-report-sign-plain.socket
@@ -28,6 +28,9 @@ SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
 RemoveOnStop=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-report-sign-tsm.socket b/units/systemd-report-sign-tsm.socket
index 1756dde8cfbae33d07e3b2d94cecdc3c8425826b..5817075fa75c3e09e1025a70a276be442a5b9cdd 100644 (file)
--- a/units/systemd-report-sign-tsm.socket
+++ b/units/systemd-report-sign-tsm.socket
@@ -22,6 +22,9 @@ SocketMode=0600
 Accept=yes
 MaxConnectionsPerSource=16
 RemoveOnStop=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-resolved-monitor.socket b/units/systemd-resolved-monitor.socket
index 3674a1f876eda3256672559872c47b8fe7e8b749..9bb4dd646fe30c1abf251901f0116b90557be042 100644 (file)
--- a/units/systemd-resolved-monitor.socket
+++ b/units/systemd-resolved-monitor.socket
@@ -20,6 +20,8 @@ ListenStream=/run/systemd/resolve/io.systemd.Resolve.Monitor
 Symlinks=/run/varlink/registry/io.systemd.Resolve.Monitor
 FileDescriptorName=varlink-monitor
 SocketMode=0666
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-resolved-varlink.socket b/units/systemd-resolved-varlink.socket
index a5701683732b5da5c1f1726f846c91f900a45d16..65593df1d014a072dd2d881053e563cdaaa6cee4 100644 (file)
--- a/units/systemd-resolved-varlink.socket
+++ b/units/systemd-resolved-varlink.socket
@@ -20,6 +20,8 @@ ListenStream=/run/systemd/resolve/io.systemd.Resolve
 Symlinks=/run/varlink/registry/io.systemd.Resolve
 FileDescriptorName=varlink
 SocketMode=0666
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-storage-block.socket b/units/systemd-storage-block.socket
index 1d18b481a375a502ace4c1a9cdd253506ab21685..c8097e705b8af60c7713a4dfc19d615c2d4cc783 100644 (file)
--- a/units/systemd-storage-block.socket
+++ b/units/systemd-storage-block.socket
@@ -19,6 +19,9 @@ FileDescriptorName=varlink
 SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-storage-fs.socket b/units/systemd-storage-fs.socket
index c83cf0a11fda8c87394eff875b33692956dbeeaf..d34e39d0593a425b3fb74196d35e3246c84e55f8 100644 (file)
--- a/units/systemd-storage-fs.socket
+++ b/units/systemd-storage-fs.socket
@@ -20,6 +20,9 @@ FileDescriptorName=varlink
 SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-sysext.socket b/units/systemd-sysext.socket
index 61d7268f377d97176f273769ec2bfd03825ecf12..209592134b3fd29a215b75c4c2e4b0fffde5b5ab 100644 (file)
--- a/units/systemd-sysext.socket
+++ b/units/systemd-sysext.socket
@@ -22,6 +22,9 @@ FileDescriptorName=varlink
 SocketMode=0666
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/systemd-udevd-varlink.socket b/units/systemd-udevd-varlink.socket
index c2b7652e5eaeb098724c8a51501a9419497ff19a..b1094b9c9b78d834204c97e7eeb20e0503dca74d 100644 (file)
--- a/units/systemd-udevd-varlink.socket
+++ b/units/systemd-udevd-varlink.socket
@@ -19,6 +19,8 @@ Service=systemd-udevd.service
 ListenStream=/run/udev/io.systemd.Udev
 Symlinks=/run/varlink/registry/io.systemd.Udev
 FileDescriptorName=varlink
-SocketMode=0600
+SocketMode=0644
 RemoveOnStop=yes
 DeferTrigger=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
diff --git a/units/systemd-userdbd.socket b/units/systemd-userdbd.socket
index 6793d1b41df1b88af54bde312bcce0e8311cf7d7..83f3d7e5607e856a7fa89ea909bea71d7d80a3ee 100644 (file)
--- a/units/systemd-userdbd.socket
+++ b/units/systemd-userdbd.socket
@@ -19,6 +19,8 @@ Symlinks=/run/systemd/userdb/io.systemd.NameServiceSwitch /run/systemd/userdb/io
 FileDescriptorName=varlink
 SocketMode=0666
 RemoveOnStop=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
 
 [Install]
 WantedBy=sockets.target
diff --git a/units/user/systemd-ask-password.socket b/units/user/systemd-ask-password.socket
index 56492fae54df5a3611938cac36ff4748bc58f9ca..13a23795578bee071ad3aa97cc2aa97cf863a93b 100644 (file)
--- a/units/user/systemd-ask-password.socket
+++ b/units/user/systemd-ask-password.socket
@@ -19,3 +19,6 @@ Symlinks=%t/varlink/registry/io.systemd.AskPassword
 FileDescriptorName=varlink
 SocketMode=0600
 Accept=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
diff --git a/units/user/systemd-importd.socket b/units/user/systemd-importd.socket
index 67ea62bdb0aee4b0a1f7f3ee54ef6c701941a9f7..35108341f5055fc9ebe14147fb90c4bdf10c7fc4 100644 (file)
--- a/units/user/systemd-importd.socket
+++ b/units/user/systemd-importd.socket
@@ -17,3 +17,5 @@ ListenStream=%t/systemd/io.systemd.Import
 Symlinks=%t/varlink/registry/io.systemd.Import
 FileDescriptorName=varlink
 SocketMode=0600
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
diff --git a/units/user/systemd-journalctl.socket b/units/user/systemd-journalctl.socket
index b8a504f0f30f3ac14bf1842973b0d023ab164d1e..a711ca2127e1be798f01636977f6fae255bcdcc6 100644 (file)
--- a/units/user/systemd-journalctl.socket
+++ b/units/user/systemd-journalctl.socket
@@ -17,3 +17,6 @@ Symlinks=%t/varlink/registry/io.systemd.JournalAccess
 FileDescriptorName=varlink
 SocketMode=0600
 Accept=yes
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
diff --git a/units/user/systemd-machined.socket b/units/user/systemd-machined.socket
index 17e552a7dcb56a43c4b69d8935e953a85b8df468..ffb4ff1ce322cf5dec1bf2aacee75364a5d12049 100644 (file)
--- a/units/user/systemd-machined.socket
+++ b/units/user/systemd-machined.socket
@@ -16,3 +16,5 @@ ListenStream=%t/systemd/machine/io.systemd.Machine
 Symlinks=%t/systemd/machine/io.systemd.MachineImage %t/varlink/registry/io.systemd.Machine %t/varlink/registry/io.systemd.MachineImage
 FileDescriptorName=varlink
 SocketMode=0600
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
diff --git a/units/user/systemd-storage-fs.socket b/units/user/systemd-storage-fs.socket
index fa8018b2e85523b317260ff0ac7b26e73730e549..23af4d79e6b53f85dd3b8729e73392d5e686de26 100644 (file)
--- a/units/user/systemd-storage-fs.socket
+++ b/units/user/systemd-storage-fs.socket
@@ -18,6 +18,9 @@ FileDescriptorName=varlink
 SocketMode=0600
 Accept=yes
 MaxConnectionsPerSource=16
+XAttrEntryPoint=user.varlink=entrypoint
+XAttrListen=user.varlink=listen
+XAttrAccept=user.varlink=server
 
 [Install]
 WantedBy=sockets.target
Unnamed repository; edit this file 'description' to name the repository.