Diffstat (limited to 'meta-google')
-rw-r--r-- | meta-google/recipes-google/networking/files/sslh.service | 20 | ||||
-rw-r--r-- | meta-google/recipes-google/networking/files/sslh.socket | 8 | ||||
-rw-r--r-- | meta-google/recipes-google/networking/gbmc-sslh.bb | 23 |
3 files changed, 51 insertions, 0 deletions
diff --git a/meta-google/recipes-google/networking/files/sslh.service b/meta-google/recipes-google/networking/files/sslh.service
new file mode 100644
index 000000000..b6bc04a4c
--- /dev/null
+++ b/meta-google/recipes-google/networking/files/sslh.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=SSL/SSH multiplexer
+Requires=sslh.socket
+
+[Service]
+ExecStart=/usr/sbin/sslh -n -f --ssh [::1]:22 --http [::1]:80 --tls [::1]:443
+KillMode=process
+#Hardening
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+MountFlags=private
+NoNewPrivileges=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+DynamicUser=true
diff --git a/meta-google/recipes-google/networking/files/sslh.socket b/meta-google/recipes-google/networking/files/sslh.socket
new file mode 100644
index 000000000..2540e5961
--- /dev/null
+++ b/meta-google/recipes-google/networking/files/sslh.socket
@@ -0,0 +1,8 @@
+[Unit]
+Before=sslh.service
+
+[Socket]
+ListenStream=3967
+
+[Install]
+WantedBy=sockets.target
diff --git a/meta-google/recipes-google/networking/gbmc-sslh.bb b/meta-google/recipes-google/networking/gbmc-sslh.bb
new file mode 100644
index 000000000..ec16f078f
--- /dev/null
+++ b/meta-google/recipes-google/networking/gbmc-sslh.bb
@@ -0,0 +1,23 @@
+PR = "r1"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+inherit systemd
+
+RDEPENDS_${PN} += "sslh"
+
+SRC_URI_append = " \
+ file://sslh.service \
+ file://sslh.socket \
+"
+
+SYSTEMD_SERVICE_${PN} += "sslh.service"
+SYSTEMD_SERVICE_${PN} += "sslh.socket"
+
+do_install() {
+ # Install service definitions
+ install -d -m 0755 ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/sslh.service ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/sslh.socket ${D}${systemd_system_unitdir}
+}
|
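Review bot: The `ExecStart` line in sslh.service forwards to `[::1]:22`, `[::1]:80` and `[::1]:443` as an ordinary proxy, so sshd and the web server will see every multiplexed connection as coming from `::1`. Source-address allow-lists, per-peer throttling and the peer field in the backends' auth logs stop being meaningful for traffic that arrives through sslh. Any backend rule that trusts loopback would also now cover remote clients; the backend configurations are not part of this commit, so that needs checking there. I would record the constraint above `ExecStart`, e.g. `# Backends see ::1 as the peer: keep no loopback-trust or source-IP ACLs on 22/80/443`, and confirm that sslh's own connection log is retained as the record of the real client address.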
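Review bot: `ListenStream=3967` in sslh.socket names no address, so the socket listens on the wildcard address on every interface, and that single port now reaches SSH, HTTP and TLS together. A packet-filter rule that admits 3967 therefore admits all three services, which is easy to miss when firewall policy is reviewed by port number. If only one management interface is meant to carry this traffic (not visible from this commit), pin it with `BindToDevice=<interface>` or an explicit address in `ListenStream=`, and add a comment such as `# Multiplexed entry point for sshd, HTTP and TLS behind sslh`. `Before=sslh.service` is already implied for a socket unit and could be dropped.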
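Review bot: Neither `SYSTEMD_SERVICE_${PN}` line in gbmc-sslh.bb is paired with `SYSTEMD_AUTO_ENABLE`, so the systemd class default decides whether `sslh.socket` is enabled at first boot. As far as I know that default is `enable`, which would mean any image that pulls in this package opens port 3967 with no further opt-in. Stating the intent in the recipe, e.g. `SYSTEMD_AUTO_ENABLE_${PN} = "enable"` with a one-line comment on why, makes that exposure a reviewable choice. The recipe also has no `SUMMARY`; something like `SUMMARY = "systemd units running sslh as the SSH/HTTP/TLS multiplexer"` would tell image maintainers what the package puts on the network.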