A common and reliable pattern in service unit files is thus:
# Sandboxing directives for the [Service] section of a unit file.
# NoNewPrivileges: the service and its children cannot gain privileges through
# execve(); setuid/setgid bits and file capabilities have no effect.
NoNewPrivileges=yes
# PrivateTmp: the service gets its own /tmp and /var/tmp, not shared with
# other processes on the host.
PrivateTmp=yes
# PrivateDevices: a private /dev holding only pseudo-devices such as /dev/null,
# /dev/zero and /dev/random; physical devices are not visible.
PrivateDevices=yes
# DevicePolicy=closed: device access is limited to the standard pseudo-devices
# plus anything listed explicitly with DeviceAllow=.
DevicePolicy=closed
# ProtectSystem=strict: the whole file system hierarchy is mounted read-only
# for the service, except /dev, /proc and /sys. Paths the service must write
# to have to be opened up with ReadWritePaths=.
ProtectSystem=strict
// Extremely hacky server program that sends a standard response
// to every client that connects, then closes the connection. It
// issues no system calls (as measured by `strace`) after initial setup,
// no matter how many requests are served. Since it links liburing, the
// I/O is presumably submitted through io_uring, which syscall-level
// tracing and filtering (strace, seccomp) do not observe.
// Yes, this program is sorely lacking in error checking. It's a toy
// and not meant to be taken seriously.
// Compile with: gcc no_syscall_server.c -luring
#!/usr/bin/env perl | |
package S3::Backup; | |
use Mojo::Base -base; | |
use Carp qw(carp croak); | |
use POSIX qw(strftime ceil floor); | |
use Fcntl qw(O_WRONLY O_APPEND O_CREAT); | |
use Fcntl ':mode'; | |
# Set the STDOUT encoding layer explicitly so wide characters are encoded on output.
# NOTE(review): "utf8" is Perl's lax encoding; ":encoding(UTF-8)" is the strict
# form - confirm which one is intended here.
binmode STDOUT, ':encoding(utf8)';
OpenSSH_8.0p1, OpenSSL 1.1.1b 26 Feb 2019 | |
debug1: Reading configuration data /home/rsp9u/.ssh/config | |
debug1: /home/rsp9u/.ssh/config line 1: Applying options for raspi | |
debug1: Reading configuration data /etc/ssh/ssh_config | |
debug2: resolve_canonicalize: hostname 192.168.63.10 is address | |
debug2: ssh_connect_direct | |
debug1: Connecting to 192.168.63.10 [192.168.63.10] port 50022. | |
debug1: Connection established. | |
debug1: identity file /home/rsp9u/.ssh/id_rsa type 0 | |
debug1: identity file /home/rsp9u/.ssh/id_rsa-cert type -1 |
# sefindif - Find interface definitions that contain a string matching the
# given regular expression. The expression is inserted unescaped into the awk
# program below, so pass only patterns you trust.
sefindif() { | |
REGEXP="$1"; | |
pushd /usr/share/selinux/devel/include > /dev/null 2>&1; | |
for FILE in */*.if; | |
do | |
awk "/(interface\(|template\()/ { NAME=\$NF; P=0 }; /${REGEXP}/ { if (P==0) {P=1; print NAME}; print };" ${FILE} | sed -e "s:^:${FILE}\: :g"; | |
done | |
popd > /dev/null 2>&1; |
/* --- Usage --- */ | |
g++ server.c -o server | |
g++ client.c -o client | |
./server | |
./client 127.0.0.1 | |
/* --- server.c --- */ | |
#include <sys/socket.h> | |
#include <netinet/in.h> | |
#include <arpa/inet.h> |