mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34f53f85bc
One of the lessons of the XZ backdoor story was that just linking to libsystemd to call sd_notify is discouraged by the systemd project: Lennart Poettering: "PSA: In context of the xzpocalypse we now added an example reimplementation of sd_notify() to our man page: https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes It's pretty comprehensive (i.e. uses it for reload notification too), but still relatively short. In the past, I have been telling anyone who wanted to listen that if all you want is sd_notify() then don't bother linking to libsystemd, since the protocol is stable and should be considered the API, not our C wrapper around it. After all, the protocol is so trivial" From: https://mastodon.social/@pid_eins/112202687764571433 This commit takes the example code and uses it to reimplement the notify logic. The code is enabled if Linux is detected in configure. Since the code won't do anything if the NOTIFY_SOCKET env var isn't set, this should also work fine on systems w/o systemd. Ticket: #6913. |
1 year ago | |
|---|---|---|
| .. | ||
| suricata-yaml | 3 years ago | |
| dropping-privileges.rst | 5 years ago | |
| exception-policies.rst | 1 year ago | |
| global-thresholds.rst | 5 years ago | |
| includes.rst | 2 years ago | |
| index.rst | 2 years ago | |
| landlock.rst | 3 years ago | |
| multi-tenant.rst | 2 years ago | |
| snort-to-suricata.rst | 2 years ago | |
| suricata-yaml.rst | 1 year ago | |
| systemd-notify.rst | 1 year ago | |