diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-07-17 12:58:19 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2020-07-21 10:32:01 +0200 |
| commit | 49f16281c90c22d34b3511c27d43ebacf22fac62 (patch) | |
| tree | 304cab60889a67527bd12d54ada1a12d575d0abc /man/systemd-journal-gatewayd.service.xml | |
| parent | c668aa8b351717cfce766cbe85a82cb3c2d40d18 (diff) | |
| download | systemd-49f16281c90c22d34b3511c27d43ebacf22fac62.tar.gz | |
tree-wide: use READ_FULL_FILE_CONNECT_SOCKET at various places
Let's use the new flag wherever we read key material/passphrases/hashes
off disk, so that people can plug in their own IPC service as backend if
they like, easily.
(My main goal was actually to support this for crypttab key files — i.e.
that you can specify AF_UNIX sockets as third column in crypttab — but
that's harder to implement, since the keys are read via libcryptsetup's
API, not ours.)
Diffstat (limited to 'man/systemd-journal-gatewayd.service.xml')
| -rw-r--r-- | man/systemd-journal-gatewayd.service.xml | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/man/systemd-journal-gatewayd.service.xml b/man/systemd-journal-gatewayd.service.xml index 0f7aaab624..a7c50f382f 100644 --- a/man/systemd-journal-gatewayd.service.xml +++ b/man/systemd-journal-gatewayd.service.xml @@ -58,26 +58,25 @@ <varlistentry> <term><option>--cert=</option></term> - <listitem><para>Specify the path to a file containing a server - certificate in PEM format. This option switches - <command>systemd-journal-gatewayd</command> into HTTPS mode - and must be used together with + <listitem><para>Specify the path to a file or <constant>AF_UNIX</constant> stream socket to read the + server certificate from. The certificate must be in PEM format. This option switches + <command>systemd-journal-gatewayd</command> into HTTPS mode and must be used together with <option>--key=</option>.</para></listitem> </varlistentry> <varlistentry> <term><option>--key=</option></term> - <listitem><para>Specify the path to a file containing a server - key in PEM format corresponding to the certificate specified - with <option>--cert=</option>.</para></listitem> + <listitem><para>Specify the path to a file or <constant>AF_UNIX</constant> stream socket to read the + server key corresponding to the certificate specified with <option>--cert=</option> from. The key + must be in PEM format.</para></listitem> </varlistentry> <varlistentry> <term><option>--trust=</option></term> - <listitem><para>Specify the path to a file containing a - CA certificate in PEM format.</para></listitem> + <listitem><para>Specify the path to a file or <constant>AF_UNIX</constant> stream socket to read a CA + certificate from. The certificate must be in PEM format.</para></listitem> </varlistentry> <varlistentry> |