On Wed, Sep 27, 2023 at 06:19:27PM +0200, Andrea Bolognani wrote:
Only the main socket is actually necessary for the service to be usable.
In the past, we've had security issues that could be exploited via access to the read-only socket, so a security-minded administrator might consider disabling all optional sockets. This change makes such a setup possible.
Note that the services will still try to activate all their sockets on startup, even if they have been disabled. To make sure that the optional sockets are never started, they will have to be masked.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/locking/virtlockd.service.in | 2 +- src/logging/virtlogd.service.in | 2 +- src/virtd.service.in | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|