Lennart Poettering eb6e5b07f1 imds: add new systemd-imdsd.service that makes IMDS data accessible locally
This service's job is to talk to a VM-associated IMDS service provided
by the local Cloud. It tries to abstract the protocol differences
various IMDS implementations implement, but does *not* really try to
abstract more than a few basic fields of the actual IMDS metadata.

IMDS access is wrapped in a Varlink API that local clients can talk to.

If possible this makes use of the IMDS endpoint information that has
been added to hwdb in the preceding commit. However, endpoint info can
also be provided via kernel command line and credentials. For debugging
purposes we also accept them via environment variables and command line
arguments.

This adds a concept of early-boot networking, just enough to be able to
talk to the IMDS service. It is minimally configurable via a kernel
cmdline option (and a build-time option): the user may choose between
"locked" and "unlocked" mode. In the former mode direct access to IMDS via
HTTPS is blocked via a prohibit route (and thus all IMDS communication
has to be done via systemd-imdsd@.service). In the latter case no such
lockdown takes place, and IMDS may be acquired both via this new service
and directly. The latter is typically a good idea for compatibility with
current systems, the former is preferable for secure installations.

Access to IMDS fields is controlled via PK.
2026-03-26 10:54:15 +01:00

Files in this directory contain configuration for systemd-sysusers, a program
to allocate system users and groups.

See man:sysusers.d(5) for explanation of the configuration file format, and
man:systemd-sysusers(8) for a description of when and how this configuration is
applied.

Use 'systemd-analyze cat-config sysusers.d' to display the effective config.