to receive a notification via VSOCK when a virtual machine has finished booting.
Note that in case the hypervisor does not support `SOCK_DGRAM` over `AF_VSOCK`,
`SOCK_SEQPACKET` will be tried instead. The credential payload should be in the
- form: `vsock:<CID>:<PORT>`. Also note that this requires support for VHOST to be
+ form: `vsock:<CID>:<PORT>`. `vsock` may be replaced with `vsock-stream`, `vsock-dgram` or `vsock-seqpacket`
+ to force usage of the corresponding socket type. Also note that this requires support for VHOST to be
built-in both the guest and the host kernels, and the kernel modules to be loaded.
* [`systemd-sysusers(8)`](https://www.freedesktop.org/software/systemd/man/systemd-sysusers.html)
<constant>AF_VSOCK</constant> address, which is useful for hypervisors/VMMs or other processes on the
host to receive a notification when a virtual machine has finished booting. Note that in case the
hypervisor does not support <constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
- <constant>SOCK_SEQPACKET</constant> will be used instead. The address should be in the form:
- <literal>vsock:CID:PORT</literal>. Note that unlike other uses of vsock, the CID is mandatory and cannot
- be <literal>VMADDR_CID_ANY</literal>. Note that PID1 will send the VSOCK packets from a privileged port
- (i.e.: lower than 1024), as an attempt to address concerns that unprivileged processes in the guest might
- try to send malicious notifications to the host, driving it to make destructive decisions based on
- them.</para>
+ <constant>SOCK_SEQPACKET</constant> will be used instead. <literal>vsock-stream</literal>,
+ <literal>vsock-dgram</literal> and <literal>vsock-seqpacket</literal> can be used instead of
+ <literal>vsock</literal> to force usage of the corresponding socket type. The address should be in the
+ form: <literal>vsock:CID:PORT</literal>. Note that unlike other uses of vsock, the CID is mandatory and
+ cannot be <literal>VMADDR_CID_ANY</literal>. Note that PID1 will send the VSOCK packets from a
+ privileged port (i.e.: lower than 1024), as an attempt to address concerns that unprivileged processes in
+ the guest might try to send malicious notifications to the host, driving it to make destructive decisions
+ based on them.</para>
</refsect1>
<refsect1>
<replaceable>x</replaceable> on a port <replaceable>y</replaceable> address in the
<constant>AF_VSOCK</constant> family. The CID is a unique 32-bit integer identifier in
<constant>AF_VSOCK</constant> analogous to an IP address. Specifying the CID is optional, and may be
- set to the empty string.</para>
+ set to the empty string. <literal>vsock</literal> may be replaced with
+ <literal>vsock-stream</literal>, <literal>vsock-dgram</literal> or <literal>vsock-seqpacket</literal>
+ to force usage of the corresponding socket type.</para>
<para>Note that <constant>SOCK_SEQPACKET</constant> (i.e.
<varname>ListenSequentialPacket=</varname>) is only available
<constant>SOCK_DGRAM</constant> over <constant>AF_VSOCK</constant>,
<constant>SOCK_SEQPACKET</constant> will be tried instead. The credential payload for
<constant>AF_VSOCK</constant> should be a string in the form
- <literal>vsock:CID:PORT</literal>.</para>
+ <literal>vsock:CID:PORT</literal>. <literal>vsock-stream</literal>, <literal>vsock-dgram</literal>
+ and <literal>vsock-seqpacket</literal> can be used instead of <literal>vsock</literal> to force
+ usage of the corresponding socket type.</para>
<para>This feature is useful for machine managers or other processes on the host to receive a
notification via VSOCK when a virtual machine has finished booting.</para>
projects / systemd / .git / commitdiff