This controls the new SO_PASSRIGHTS socket option in kernel v6.16.
Note that I intentionally chose a different naming scheme than
Pass*=, since all other Pass*= options control whether some extra
bits are attached to the message, while this one is about denying
file descriptor transfer, and it feels more explicit this way.
Diverging from the underlying socket option name has a precedent
in Timestamping=. But happy to change it to just say PassRights=
if people disagree.
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PassPacketInfo = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+ readonly b AcceptFileDescriptors = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s Timestamping = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b RemoveOnStop = ...;
<!--property PassPacketInfo is not documented!-->
+ <!--property AcceptFileDescriptors is not documented!-->
+
<!--property Timestamping is not documented!-->
<!--property RemoveOnStop is not documented!-->
<variablelist class="dbus-property" generated="True" extra-ref="PassPacketInfo"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="AcceptFileDescriptors"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="Timestamping"/>
<variablelist class="dbus-property" generated="True" extra-ref="RemoveOnStop"/>
<varname>PrivatePIDs</varname> were added in version 257.</para>
<para><varname>ProtectHostnameEx</varname>,
<varname>PassPIDFD</varname>,
+ <varname>AcceptFileDescriptors</varname>,
<varname>DelegateNamespaces</varname>, and
<function>RemoveSubgroup()</function> were added in version 258.</para>
</refsect2>
<xi:include href="version-info.xml" xpointer="v246"/></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>AcceptFileDescriptors=</varname></term>
+
+ <listitem><para>Takes a boolean value. This controls the <constant>SO_PASSRIGHTS</constant> socket
+ option, which when disabled prohibits the peer from sending <constant>SCM_RIGHTS</constant>
+ ancillary messages (aka file descriptors) via <constant>AF_UNIX</constant> sockets. Defaults to
+ <option>true</option>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v258"/></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>Timestamping=</varname></term>
<listitem><para>Takes one of <literal>off</literal>, <literal>us</literal> (alias:
SD_BUS_PROPERTY("PassPIDFD", "b", bus_property_get_bool, offsetof(Socket, pass_pidfd), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PassSecurity", "b", bus_property_get_bool, offsetof(Socket, pass_sec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PassPacketInfo", "b", bus_property_get_bool, offsetof(Socket, pass_pktinfo), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("AcceptFileDescriptors", "b", bus_property_get_bool, offsetof(Socket, pass_rights), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Timestamping", "s", property_get_timestamping, offsetof(Socket, timestamping), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("RemoveOnStop", "b", bus_property_get_bool, offsetof(Socket, remove_on_stop), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Listen", "a(ss)", property_get_listen, 0, SD_BUS_VTABLE_PROPERTY_CONST),
if (streq(name, "PassPacketInfo"))
return bus_set_transient_bool(u, name, &s->pass_pktinfo, message, flags, error);
+ if (streq(name, "AcceptFileDescriptors"))
+ return bus_set_transient_bool(u, name, &s->pass_rights, message, flags, error);
+
if (streq(name, "Timestamping"))
return bus_set_transient_socket_timestamping(u, name, &s->timestamping, message, flags, error);
Socket.PassPIDFD, config_parse_bool, 0, offsetof(Socket, pass_pidfd)
Socket.PassSecurity, config_parse_bool, 0, offsetof(Socket, pass_sec)
Socket.PassPacketInfo, config_parse_bool, 0, offsetof(Socket, pass_pktinfo)
+Socket.AcceptFileDescriptors, config_parse_bool, 0, offsetof(Socket, pass_rights)
Socket.Timestamping, config_parse_socket_timestamping, 0, offsetof(Socket, timestamping)
Socket.TCPCongestion, config_parse_string, 0, offsetof(Socket, tcp_congestion)
Socket.ReusePort, config_parse_bool, 0, offsetof(Socket, reuse_port)
s->max_connections = 64;
+ s->pass_rights = true; /* defaults to enabled in kernel */
s->priority = -1;
s->ip_tos = -1;
s->ip_ttl = -1;
"%sPassPIDFD: %s\n"
"%sPassSecurity: %s\n"
"%sPassPacketInfo: %s\n"
+ "%sAcceptFileDescriptors: %s\n"
"%sTCPCongestion: %s\n"
"%sRemoveOnStop: %s\n"
"%sWritable: %s\n"
prefix, yes_no(s->pass_pidfd),
prefix, yes_no(s->pass_sec),
prefix, yes_no(s->pass_pktinfo),
+ prefix, yes_no(s->pass_rights),
prefix, strna(s->tcp_congestion),
prefix, yes_no(s->remove_on_stop),
prefix, yes_no(s->writable),
log_unit_warning_errno(UNIT(s), r, SOCKET_OPTION_WARNING_FORMAT_STR, "packet info");
}
+ if (!s->pass_rights) {
+ r = setsockopt_int(fd, SOL_SOCKET, SO_PASSRIGHTS, false);
+ if (r < 0)
+ log_unit_full_errno(UNIT(s), ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
+ SOCKET_OPTION_WARNING_FORMAT_STR, "SO_PASSRIGHTS");
+ }
+
if (s->timestamping != SOCKET_TIMESTAMPING_OFF) {
r = setsockopt_int(fd, SOL_SOCKET,
s->timestamping == SOCKET_TIMESTAMPING_NS ? SO_TIMESTAMPNS : SO_TIMESTAMP,
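Review bot: When `AcceptFileDescriptors=no` is set and the kernel lacks SO_PASSRIGHTS (the description says it is new in v6.16), the failure in the `if (!s->pass_rights)` branch is logged only at LOG_DEBUG and the socket keeps accepting SCM_RIGHTS messages, so the requested restriction is silently not in effect. Unlike the Pass*= options handled just above, this setting is a restriction rather than an extra, so the unsupported case deserves a visible message: consider `log_unit_warning_errno(UNIT(s), r, SOCKET_OPTION_WARNING_FORMAT_STR, "SO_PASSRIGHTS");` regardless of the errno class. The AcceptFileDescriptors= man page entry should also say that the setting has no effect on kernels without the option, so that services do not rely on it as their only guard against unexpected descriptors. The enclosing function starts and ends outside the hunk.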
bool pass_pidfd;
bool pass_sec;
bool pass_pktinfo;
+ bool pass_rights;
SocketTimestamping timestamping;
/* Only for INET6 sockets: issue IPV6_V6ONLY sockopt */
"PassPIDFD",
"PassSecurity",
"PassPacketInfo",
+ "AcceptFileDescriptors",
"ReusePort",
"RemoveOnStop",
"PassFileDescriptorsToExec",