From ebde8e9fdba7bc1c8152f7e45c551030a36ece82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Bollo?= Date: Thu, 25 Jan 2018 13:47:37 +0100 Subject: [PATCH] Allow to tune sockets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow to change the directory of sockets through a true integration of SOCKET_DIR Allow to override the socket's group of - /run/cynara/cynara-agent.socket - /run/cynara/cynara-monitor-get.socket through the newly defined variable CYNARA_ADMIN_SOCKET_GROUP Change-Id: I7d58854c328e948e3d6d7fa3fc00569fd08f8aef Signed-off-by: José Bollo --- systemd/CMakeLists.txt | 19 +++++++++++++++---- systemd/cynara-admin.socket | 14 -------------- systemd/cynara-admin.socket.in | 14 ++++++++++++++ systemd/cynara-agent.socket | 15 --------------- systemd/cynara-agent.socket.in | 15 +++++++++++++++ systemd/cynara-monitor-get.socket | 15 --------------- systemd/cynara-monitor-get.socket.in | 15 +++++++++++++++ systemd/cynara.socket | 14 -------------- systemd/cynara.socket.in | 14 ++++++++++++++ 9 files changed, 73 insertions(+), 62 deletions(-) delete mode 100644 systemd/cynara-admin.socket create mode 100644 systemd/cynara-admin.socket.in delete mode 100644 systemd/cynara-agent.socket create mode 100644 systemd/cynara-agent.socket.in delete mode 100644 systemd/cynara-monitor-get.socket create mode 100644 systemd/cynara-monitor-get.socket.in delete mode 100644 systemd/cynara.socket create mode 100644 systemd/cynara.socket.in diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt index 20accf0..1b75c12 100644 --- a/systemd/CMakeLists.txt +++ b/systemd/CMakeLists.txt @@ -16,13 +16,24 @@ # @author Lukasz Wojciechowski # +SET(CYNARA_ADMIN_SOCKET_GROUP + "security_fw" + CACHE STRING + "Group to apply on administrative sockets") + + +CONFIGURE_FILE(cynara.socket.in cynara.socket @ONLY) +CONFIGURE_FILE(cynara-admin.socket.in cynara-admin.socket @ONLY) +CONFIGURE_FILE(cynara-agent.socket.in cynara-agent.socket @ONLY) +CONFIGURE_FILE(cynara-monitor-get.socket.in cynara-monitor-get.socket @ONLY) + INSTALL(FILES ${CMAKE_SOURCE_DIR}/systemd/cynara.service ${CMAKE_SOURCE_DIR}/systemd/cynara.target - ${CMAKE_SOURCE_DIR}/systemd/cynara.socket - ${CMAKE_SOURCE_DIR}/systemd/cynara-admin.socket - ${CMAKE_SOURCE_DIR}/systemd/cynara-agent.socket - ${CMAKE_SOURCE_DIR}/systemd/cynara-monitor-get.socket + ${CMAKE_BINARY_DIR}/systemd/cynara.socket + ${CMAKE_BINARY_DIR}/systemd/cynara-admin.socket + ${CMAKE_BINARY_DIR}/systemd/cynara-agent.socket + ${CMAKE_BINARY_DIR}/systemd/cynara-monitor-get.socket DESTINATION ${SYSTEMD_UNIT_DIR} ) diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket deleted file mode 100644 index ed38386..0000000 --- a/systemd/cynara-admin.socket +++ /dev/null @@ -1,14 +0,0 @@ -[Socket] -ListenStream=/run/cynara/cynara-admin.socket -SocketMode=0600 -SmackLabelIPIn=@ -SmackLabelIPOut=@ - -Service=cynara.service - -[Unit] -Wants=cynara.target -Before=cynara.target - -[Install] -WantedBy=sockets.target diff --git a/systemd/cynara-admin.socket.in b/systemd/cynara-admin.socket.in new file mode 100644 index 0000000..2364c3e --- /dev/null +++ b/systemd/cynara-admin.socket.in @@ -0,0 +1,14 @@ +[Socket] +ListenStream=@SOCKET_DIR@/cynara-admin.socket +SocketMode=0600 +SmackLabelIPIn=@ +SmackLabelIPOut=@ + +Service=cynara.service + +[Unit] +Wants=cynara.target +Before=cynara.target + +[Install] +WantedBy=sockets.target diff --git a/systemd/cynara-agent.socket b/systemd/cynara-agent.socket deleted file mode 100644 index 5a677e0..0000000 --- a/systemd/cynara-agent.socket +++ /dev/null @@ -1,15 +0,0 @@ -[Socket] -ListenStream=/run/cynara/cynara-agent.socket -SocketGroup=security_fw -SocketMode=0060 -SmackLabelIPIn=* -SmackLabelIPOut=@ - -Service=cynara.service - -[Unit] -Wants=cynara.target -Before=cynara.target - -[Install] -WantedBy=sockets.target diff --git a/systemd/cynara-agent.socket.in b/systemd/cynara-agent.socket.in new file mode 100644 index 0000000..4f86c9d --- /dev/null +++ b/systemd/cynara-agent.socket.in @@ -0,0 +1,15 @@ +[Socket] +ListenStream=@SOCKET_DIR@/cynara-agent.socket +SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@ +SocketMode=0060 +SmackLabelIPIn=* +SmackLabelIPOut=@ + +Service=cynara.service + +[Unit] +Wants=cynara.target +Before=cynara.target + +[Install] +WantedBy=sockets.target diff --git a/systemd/cynara-monitor-get.socket b/systemd/cynara-monitor-get.socket deleted file mode 100644 index a50feeb..0000000 --- a/systemd/cynara-monitor-get.socket +++ /dev/null @@ -1,15 +0,0 @@ -[Socket] -ListenStream=/run/cynara/cynara-monitor-get.socket -SocketGroup=security_fw -SocketMode=0060 -SmackLabelIPIn=@ -SmackLabelIPOut=@ - -Service=cynara.service - -[Unit] -Wants=cynara.target -Before=cynara.target - -[Install] -WantedBy=sockets.target diff --git a/systemd/cynara-monitor-get.socket.in b/systemd/cynara-monitor-get.socket.in new file mode 100644 index 0000000..b88dbf7 --- /dev/null +++ b/systemd/cynara-monitor-get.socket.in @@ -0,0 +1,15 @@ +[Socket] +ListenStream=@SOCKET_DIR@/cynara-monitor-get.socket +SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@ +SocketMode=0060 +SmackLabelIPIn=@ +SmackLabelIPOut=@ + +Service=cynara.service + +[Unit] +Wants=cynara.target +Before=cynara.target + +[Install] +WantedBy=sockets.target diff --git a/systemd/cynara.socket b/systemd/cynara.socket deleted file mode 100644 index fad2745..0000000 --- a/systemd/cynara.socket +++ /dev/null @@ -1,14 +0,0 @@ -[Socket] -ListenStream=/run/cynara/cynara.socket -SocketMode=0666 -SmackLabelIPIn=* -SmackLabelIPOut=@ - -Service=cynara.service - -[Unit] -Wants=cynara.target -Before=cynara.target - -[Install] -WantedBy=sockets.target diff --git a/systemd/cynara.socket.in b/systemd/cynara.socket.in new file mode 100644 index 0000000..ba76549 --- /dev/null +++ b/systemd/cynara.socket.in @@ -0,0 +1,14 @@ +[Socket] +ListenStream=@SOCKET_DIR@/cynara.socket +SocketMode=0666 +SmackLabelIPIn=* +SmackLabelIPOut=@ + +Service=cynara.service + +[Unit] +Wants=cynara.target +Before=cynara.target + +[Install] +WantedBy=sockets.target