diff options
author | William A. Kennington III <wak@google.com> | 2021-02-17 01:57:41 +0300 |
---|---|---|
committer | William A. Kennington III <wak@google.com> | 2021-02-17 22:00:50 +0300 |
commit | 7f11d1ffd591a1cf63b7a6de87c7c257a6ed99ea (patch) | |
tree | 02d1a0572fa21160108b6c4760a34dd0c8894873 /meta-google/recipes-google/ncsi/files | |
parent | d45e4b3403c5a844c93be4faa4cefce631f537d0 (diff) | |
download | openbmc-7f11d1ffd591a1cf63b7a6de87c7c257a6ed99ea.tar.xz |
meta-google: Fold gbmc-sslh into gbmc-ncsi-config
Logically these packages belong together and don't make much sense
without each other. Combine them to reduce package complexity for users.
Change-Id: I3d3998f8d10cacbd01f6d883b0033a3260ff60df
Signed-off-by: William A. Kennington III <wak@google.com>
Diffstat (limited to 'meta-google/recipes-google/ncsi/files')
-rw-r--r-- | meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service | 20 | ||||
-rw-r--r-- | meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.socket.in | 9 |
2 files changed, 29 insertions, 0 deletions
diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service new file mode 100644 index 000000000..b6bc04a4c --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.service @@ -0,0 +1,20 @@ +[Unit] +Description=SSL/SSH multiplexer +Requires=sslh.socket + +[Service] +ExecStart=/usr/sbin/sslh -n -f --ssh [::1]:22 --http [::1]:80 --tls [::1]:443 +KillMode=process +#Hardening +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +MountFlags=private +NoNewPrivileges=true +PrivateDevices=true +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +MemoryDenyWriteExecute=true +DynamicUser=true diff --git a/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.socket.in b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.socket.in new file mode 100644 index 000000000..9e5f5949d --- /dev/null +++ b/meta-google/recipes-google/ncsi/files/gbmc-ncsi-sslh.socket.in @@ -0,0 +1,9 @@ +[Unit] +Before=sslh.service + +[Socket] +BindToDevice=@NCSI_IF@ +ListenStream=3967 + +[Install] +WantedBy=sockets.target |