guix-commits

From: Ludovic Courtès
Subject: [shepherd] 27/32: service: 'make-inetd-constructor' lets the caller specify socket ownership.
Date: Wed, 30 Mar 2022 11:01:33 -0400 (EDT)

civodul pushed a commit to branch master
in repository shepherd.

commit 723319a689c09e5b9d67dd4427b35333770529f2
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Mon Mar 28 21:48:01 2022 +0200

    service: 'make-inetd-constructor' lets the caller specify socket ownership.
    
    * modules/shepherd/service.scm (make-inetd-constructor): Add
     #:socket-owner, #:socket-group, and #:socket-directory-permissions
     parameters.  Honor them.
    * doc/shepherd.texi (Service De- and Constructors): Document it.
---
 doc/shepherd.texi            |  8 ++++++++
 modules/shepherd/service.scm | 28 +++++++++++++++++++++++++---
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/doc/shepherd.texi b/doc/shepherd.texi
index d764970..4867ceb 100644
--- a/doc/shepherd.texi
+++ b/doc/shepherd.texi
@@ -1068,6 +1068,8 @@ in charge of listening.
 @deffn {procedure} make-inetd-constructor @var{command} @var{address}
   [#:service-name-stem _] [#:requirements '()] @
   [#:socket-style SOCK_STREAM] [#:listen-backlog 10] @
+  [#:socket-owner (getuid)] [#:socket-group (getgid)] @
+  [#:socket-directory-permissions #o755] @
   [#:max-connections (default-inetd-max-connections)] @
   [#:user #f] @
   [#:group #f] @
@@ -1079,6 +1081,12 @@ in charge of listening.
 Return a procedure that opens a socket listening to @var{address}, an
 object as returned by @code{make-socket-address}, and accepting connections in
 the background; the @var{listen-backlog} argument is passed to @var{accept}.
+
+When @var{address} is of type @code{AF_UNIX}, @var{socket-owner} and
+@var{socket-group} are strings or integers that specify its ownership and that
+of its parent directory; @var{socket-directory-permissions} specifies the
+permissions for its parent directory.
+
 Upon a client connection, a transient service running @var{command} is
 spawned.  Only up to @var{max-connections} simultaneous connections are
 accepted; when that threshold is reached, new connections are immediately
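Review bot: The added paragraph covers ownership and the parent directory's mode but never states the mode of the socket itself, which the service.scm part of this commit fixes at #o666 via `(chmod sock #o666)`. That leaves the parent directory's owner, group and permissions as the only thing restricting who can connect, and the documented default for `#:socket-directory-permissions` is #o755. The text should say this explicitly, and say that a caller who wants a restricted socket has to pass a tighter directory mode together with `#:socket-owner` or `#:socket-group`. It would also help to state that string values are user and group names, since the code resolves them with `getpwnam` and `getgrnam`.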
diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm
index e0bc444..d0d6159 100644
--- a/modules/shepherd/service.scm
+++ b/modules/shepherd/service.scm
@@ -1309,6 +1309,9 @@ as argument, where SIGNAL defaults to `SIGTERM'."
                                      (basename program))))
                                  (requirements '())
                                  (socket-style SOCK_STREAM)
+                                 (socket-owner (getuid))
+                                 (socket-group (getgid))
+                                 (socket-directory-permissions #o755)
                                  (listen-backlog 10)
                                  (max-connections
                                   (default-inetd-max-connections))
@@ -1324,6 +1327,12 @@ as argument, where SIGNAL defaults to `SIGTERM'."
   "Return a procedure that opens a socket listening to @var{address}, an
 object as returned by @code{make-socket-address}, and accepting connections in
 the background; the @var{listen-backlog} argument is passed to @var{accept}.
+
+When @var{address} is of type @code{AF_UNIX}, @var{socket-owner} and
+@var{socket-group} are strings or integers that specify its ownership and that
+of its parent directory; @var{socket-directory-permissions} specifies the
+permissions for its parent directory.
+
 Upon a client connection, a transient service running @var{command} is
 spawned.  Only up to @var{max-connections} simultaneous connections are
 accepted; when that threshold is reached, new connections are immediately
@@ -1378,13 +1387,26 @@ The remaining arguments are as for 
@code{make-forkexec-constructor}."
       (start service)))
 
   (lambda args
-    (let ((sock (non-blocking-port
-                 (socket (sockaddr:fam address) socket-style 0))))
+    (let ((sock  (non-blocking-port
+                  (socket (sockaddr:fam address) socket-style 0)))
+          (owner (if (integer? socket-owner)
+                     socket-owner
+                     (passwd:uid (getpwnam socket-owner))))
+          (group (if (integer? socket-group)
+                     socket-group
+                     (group:gid (getgrnam socket-group)))))
       (setsockopt sock SOL_SOCKET SO_REUSEADDR 1)
+
       (when (= AF_UNIX (sockaddr:fam address))
-        (mkdir-p (dirname (sockaddr:path address)))
+        (mkdir-p (dirname (sockaddr:path address))
+                 socket-directory-permissions)
+        (chown (dirname (sockaddr:path address)) owner group)
         (catch-system-error (delete-file (sockaddr:path address))))
       (bind sock address)
+      (when (= AF_UNIX (sockaddr:fam address))
+        (chown sock owner group)
+        (chmod sock #o666))
+
       (listen sock listen-backlog)
       (spawn-fiber
        (lambda ()
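Review bot: `(chown (dirname (sockaddr:path address)) owner group)` runs unconditionally, so when the socket's parent directory already exists and holds other files, starting the service reassigns ownership of that shared directory. Consider restricting the chown to a directory this code has just created, or requiring (and documenting) that the socket live in a dedicated directory. Two smaller points in the same hunk: the socket mode is hard-coded in `(chmod sock #o666)` with no keyword argument to tighten it, unlike the directory mode; and `chown`/`chmod` are applied to the port `sock` while the directory call uses the path, so it is worth confirming that they take effect on the file at `(sockaddr:path address)` and not only on the descriptor.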


