Re: s6, listen(8), etc.

From: Daniel Kahn Gillmor <dkg_at_fifthhorseman.net>
Date: Mon, 05 Sep 2016 23:45:05 -0400

On Mon 2016-09-05 02:48:54 -0400, Jonathan de Boyne Pollard wrote:
> Daniel Kahn Gillmor:
>
>> #!/bin/sh
>> mkdir -p /run/kresd/workdir && \
>> setfacl -m u:kresd:rwx /run/kresd/workdir && \
>> cd /run/kresd/workdir && \
>> exec listen -udp::53 \
>> -tcp::53 \
>> -tcp:label=tls:853 \
>> -unix:label=control,mode=0600:/run/kresd/control \
>> chpst -u kresd -p 1 \
>> /usr/sbin/kresd
>
> start:
>
> #!/bin/sh -e
> install -d -m 0755 -o kresd /run/kresd/workdir
>
> stop:
>
> #!/bin/sh -e
> rm -r /run/kresd/
>
> run:
>
> #!/bin/nosh
> udp-socket-listen --systemd-compatibility --combine4and6 :: domain
> tcp-socket-listen --systemd-compatibility --combine4and6 --backlog 2 :: domain
> local-datagram-socket-listen --systemd-compatibility --mode 0666 /run/kresd/query.socket
> local-stream-socket-listen --systemd-compatibility --mode 0600 /run/kresd/control
> ./service
>
> service:
>
> #!/bin/nosh
> chdir /run/kresd/workdir
> softlimit -p 1
> setuidgid kresd
> kresd

Thanks, this looks pretty cool.

A couple of caveats:

 * I don't see where the label for the sockets is passed in. How is the
   daemon supposed to know whether to listen on the tcp socket using TLS
   or not? How is it supposed to know whether the unix domain socket is
   for control or for recursive DNS queries?

 * It looks like this will result in a chain of processes: nosh → nosh →
   kresd, rather than a single process, due to the lack of exec. Or am I
   misunderstanding nosh?


I see you've got Debian packages available for nosh, but they aren't in
Debian proper. Have you considered putting them into Debian?

       --dkg
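The first caveat above is about the daemon's side of the socket hand-off. The `--systemd-compatibility` options in the quoted run script pass sockets the way systemd does: the supervisor leaves them at fd 3 upwards and sets LISTEN_PID and LISTEN_FDS; systemd (since 227) can additionally set LISTEN_FDNAMES, a colon-separated label per fd, which is what sd_listen_fds_with_names() reads. Whether nosh's listeners emit LISTEN_FDNAMES is not stated in the thread and is treated here as unknown. The following is an added example, not code from kresd, nosh, s6 or either poster, showing what a daemon can and cannot recover without labels: it parses the environment, asks the kernel what each fd is (stream vs. datagram, port or path), and refuses to guess when two unlabelled sockets look identical. The role names (`dns-udp`, `dns-tcp`, `dns-tls`, `control`, `query`) are assumptions for illustration.

```python
"""Daemon-side handling of systemd-style socket passing (LISTEN_PID,
LISTEN_FDS, optional LISTEN_FDNAMES).  Added example; not kresd's or
nosh's own code.  Role names and expected descriptions are assumed."""
import os
import socket

SD_LISTEN_FDS_START = 3  # first inherited socket, per the systemd protocol


def inherited_fds(environ, pid):
    """Return [(fd, name), ...] for the sockets handed to process `pid`.

    Names come from LISTEN_FDNAMES (one per fd, colon-separated).  When the
    supervisor sends no names, each entry is labelled "unknown": that is
    the case where the daemon cannot tell the sockets apart by label.
    """
    if environ.get("LISTEN_PID") != str(pid):
        return []  # fds were meant for another (e.g. parent) process
    count = int(environ.get("LISTEN_FDS", "0"))
    fds = list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + count))
    names = environ.get("LISTEN_FDNAMES")
    names = names.split(":") if names else []
    names += ["unknown"] * (count - len(names))
    return list(zip(fds, names[:count]))


def describe(fd):
    """Classify a socket fd from what the kernel reports: transport plus
    bound port (IP) or path (AF_UNIX).  Needs no label from the supervisor."""
    s = socket.socket(fileno=os.dup(fd))  # dup so closing s leaves fd open
    try:
        kind = s.getsockopt(socket.SOL_SOCKET, socket.SO_TYPE)
        addr = s.getsockname()
        if s.family in (socket.AF_INET, socket.AF_INET6):
            proto = "tcp" if kind == socket.SOCK_STREAM else "udp"
            return (proto, addr[1])  # port number
        if s.family == socket.AF_UNIX:
            proto = "unix-stream" if kind == socket.SOCK_STREAM else "unix-dgram"
            path = addr.decode() if isinstance(addr, bytes) else addr
            return (proto, path)
        return ("other", None)
    finally:
        s.close()


def assign_roles(fd_names, expected):
    """Map role -> fd.

    `expected` is {role: description} the daemon was configured with, e.g.
    {"dns-tcp": ("tcp", 53), "dns-tls": ("tcp", 853)}.  A labelled fd is
    matched by its LISTEN_FDNAMES entry; an unlabelled one only by its
    kernel description.  If two unlabelled fds describe identically, or one
    description fits several roles, the daemon has no basis to choose, so
    this raises instead of guessing.
    """
    roles, unlabelled = {}, []
    for fd, name in fd_names:
        if name in expected:
            roles[name] = fd
        else:
            unlabelled.append(fd)
    descs = {fd: describe(fd) for fd in unlabelled}
    for fd, d in descs.items():
        matches = [r for r, want in expected.items()
                   if want == d and r not in roles]
        twins = [o for o, od in descs.items() if od == d and o != fd]
        if len(matches) != 1 or twins:
            raise ValueError("cannot tell what fd %d (%r) is for" % (fd, d))
        roles[matches[0]] = fd
    missing = set(expected) - set(roles)
    if missing:
        raise ValueError("no socket for roles %s" % sorted(missing))
    return roles


if __name__ == "__main__":
    # Constructed demo: a UDP and a TCP listener on loopback, passed
    # without labels, are still distinguishable by their kernel description.
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", 0))
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))
    tcp.listen(1)
    want = {"dns-udp": describe(udp.fileno()), "dns-tcp": describe(tcp.fileno())}
    print(assign_roles([(udp.fileno(), "unknown"), (tcp.fileno(), "unknown")], want))
```

Two sockets of the same type on the same port (say plain and TLS DNS both set up as `tcp:53`, or two AF_UNIX stream sockets) cannot be separated this way; only a label, or a convention such as "853 means TLS" baked into the daemon, resolves it.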



Received on Tue Sep 06 2016 - 03:45:05 UTC
