Allow setting unix socket mode #4344
Conversation
|
|
dblsaiko
force-pushed
the
push-uqsozolyrlor
branch
2 times, most recently
from
0c7495f to
9d1d341
Compare
| if let Some(mode) = mode { | ||
| let mut permissions = fs::metadata(socket) | ||
| .context("could not read socket metadata")? | ||
| .permissions(); | ||
| let mode = u32::from_str_radix(mode, 8) | ||
| .with_context(|| format!("could not parse mode: {mode}"))?; | ||
| permissions.set_mode(mode); | ||
| fs::set_permissions(socket, permissions) | ||
| .context("could not set socket permissions")?; | ||
| } |
There was a problem hiding this comment.
To avoid any potential race conditions, I would appreciate if we used the opened file descriptor directly.
This is a little bit annoying to do, but basically, you can:
- keep opening the socket with
UnixListener::bind - transform it into an
OwnedFd - transform it into a
File - do the permissions operations using
File::set_permissions - transform it back to an
OwnedFdthen back to aUnixListener
This way we're sure that if for some reason the socket gets deleted, gets moved or whatever, we don't end up doing operations on the wrong file. It only ever gets opened once
There was a problem hiding this comment.
That unfortunately doesn't work, calling fchmod on a socket fd does nothing. See https://stackoverflow.com/a/15450698
(Still, change here: dblsaiko@push-looktxnmnmsw)
crates/config/src/sections/http.rs
Outdated
| @@ -124,6 +124,9 @@ pub enum BindConfig { | |||
| /// Path to the socket | |||
| #[schemars(with = "String")] | |||
| socket: Utf8PathBuf, | |||
|
|
|||
| /// Socket file mode | |||
There was a problem hiding this comment.
Please add in the comment what form you expect this to be. You could also use schemars' example attribute, which will appear in the generate JSONSchema
docs/reference/configuration.md
Outdated
| @@ -58,6 +58,7 @@ http: | |||
|
|
|||
| # Third option: listen on the given UNIX socket | |||
| - socket: /tmp/mas.sock | |||
| mode: "660" # optional | |||
There was a problem hiding this comment.
| mode: "660" # optional | |
| mode: "660" # permissions to set on the socket, optional |
dblsaiko
force-pushed
the
push-uqsozolyrlor
branch
from
9d1d341 to
7dbcbc5
Compare
dblsaiko
force-pushed
the
push-uqsozolyrlor
branch
from
7dbcbc5 to
692c826
Compare
Signed-off-by: Katalin Rebhan <[email protected]>
dblsaiko
force-pushed
the
push-uqsozolyrlor
branch
from
692c826 to
5676b41
Compare
No description provided.