Allow setting unix socket mode #4344
Conversation
|
|
2xsaiko
force-pushed
the
push-uqsozolyrlor
branch
from
78ef371 to
0c7495f
Compare
Signed-off-by: Marco Rebhan <[email protected]>
2xsaiko
force-pushed
the
push-uqsozolyrlor
branch
from
0c7495f to
9d1d341
Compare
| if let Some(mode) = mode { | ||
| let mut permissions = fs::metadata(socket) | ||
| .context("could not read socket metadata")? | ||
| .permissions(); | ||
| let mode = u32::from_str_radix(mode, 8) | ||
| .with_context(|| format!("could not parse mode: {mode}"))?; | ||
| permissions.set_mode(mode); | ||
| fs::set_permissions(socket, permissions) | ||
| .context("could not set socket permissions")?; | ||
| } |
There was a problem hiding this comment.
To avoid any potential race conditions, I would appreciate if we used the opened file descriptor directly.
This is a little bit annoying to do, but basically, you can:
- keep opening the socket with
UnixListener::bind - transform it into an
OwnedFd - transform it into a
File - do the permissions operations using
File::set_permissions - transform it back to an
OwnedFdthen back to aUnixListener
This way we're sure that if for some reason the socket gets deleted, gets moved or whatever, we don't end up doing operations on the wrong file. It only ever gets opened once
| @@ -124,6 +124,9 @@ pub enum BindConfig { | |||
| /// Path to the socket | |||
| #[schemars(with = "String")] | |||
| socket: Utf8PathBuf, | |||
|
|
|||
| /// Socket file mode | |||
There was a problem hiding this comment.
Please add in the comment what form you expect this to be. You could also use schemars' example attribute, which will appear in the generate JSONSchema
| @@ -58,6 +58,7 @@ http: | |||
|
|
|||
| # Third option: listen on the given UNIX socket | |||
| - socket: /tmp/mas.sock | |||
| mode: "660" # optional | |||
There was a problem hiding this comment.
| mode: "660" # optional | |
| mode: "660" # permissions to set on the socket, optional |
No description provided.