From d919b110a2fbccdce084c651f4d7d7de66f2f869 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Bollo?= Date: Thu, 25 Jan 2018 13:47:37 +0100 Subject: [PATCH 5/6] Allow to tune sockets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow to change the directory of sockets through a true integration of SOCKET_DIR Allow to override the socket's group of - /run/cynara/cynara-agent.socket - /run/cynara/cynara-monitor-get.socket through the newly defined variable CYNARA_ADMIN_SOCKET_GROUP Change-Id: I7d58854c328e948e3d6d7fa3fc00569fd08f8aef Signed-off-by: José Bollo --- systemd/CMakeLists.txt | 19 +++++++++++++++---- .../{cynara-admin.socket => cynara-admin.socket.in} | 2 +- .../{cynara-agent.socket => cynara-agent.socket.in} | 4 ++-- ...onitor-get.socket => cynara-monitor-get.socket.in} | 4 ++-- systemd/{cynara.socket => cynara.socket.in} | 2 +- 5 files changed, 21 insertions(+), 10 deletions(-) rename systemd/{cynara-admin.socket => cynara-admin.socket.in} (78%) rename systemd/{cynara-agent.socket => cynara-agent.socket.in} (66%) rename systemd/{cynara-monitor-get.socket => cynara-monitor-get.socket.in} (64%) rename systemd/{cynara.socket => cynara.socket.in} (80%) diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt index 20accf0..1b75c12 100644 --- a/systemd/CMakeLists.txt +++ b/systemd/CMakeLists.txt @@ -16,13 +16,24 @@ # @author Lukasz Wojciechowski # +SET(CYNARA_ADMIN_SOCKET_GROUP + "security_fw" + CACHE STRING + "Group to apply on administrative sockets") + + +CONFIGURE_FILE(cynara.socket.in cynara.socket @ONLY) +CONFIGURE_FILE(cynara-admin.socket.in cynara-admin.socket @ONLY) +CONFIGURE_FILE(cynara-agent.socket.in cynara-agent.socket @ONLY) +CONFIGURE_FILE(cynara-monitor-get.socket.in cynara-monitor-get.socket @ONLY) + INSTALL(FILES ${CMAKE_SOURCE_DIR}/systemd/cynara.service ${CMAKE_SOURCE_DIR}/systemd/cynara.target - ${CMAKE_SOURCE_DIR}/systemd/cynara.socket - ${CMAKE_SOURCE_DIR}/systemd/cynara-admin.socket - ${CMAKE_SOURCE_DIR}/systemd/cynara-agent.socket - ${CMAKE_SOURCE_DIR}/systemd/cynara-monitor-get.socket + ${CMAKE_BINARY_DIR}/systemd/cynara.socket + ${CMAKE_BINARY_DIR}/systemd/cynara-admin.socket + ${CMAKE_BINARY_DIR}/systemd/cynara-agent.socket + ${CMAKE_BINARY_DIR}/systemd/cynara-monitor-get.socket DESTINATION ${SYSTEMD_UNIT_DIR} ) diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket.in similarity index 78% rename from systemd/cynara-admin.socket rename to systemd/cynara-admin.socket.in index ed38386..2364c3e 100644 --- a/systemd/cynara-admin.socket +++ b/systemd/cynara-admin.socket.in @@ -1,5 +1,5 @@ [Socket] -ListenStream=/run/cynara/cynara-admin.socket +ListenStream=@SOCKET_DIR@/cynara-admin.socket SocketMode=0600 SmackLabelIPIn=@ SmackLabelIPOut=@ diff --git a/systemd/cynara-agent.socket b/systemd/cynara-agent.socket.in similarity index 66% rename from systemd/cynara-agent.socket rename to systemd/cynara-agent.socket.in index 5a677e0..4f86c9d 100644 --- a/systemd/cynara-agent.socket +++ b/systemd/cynara-agent.socket.in @@ -1,6 +1,6 @@ [Socket] -ListenStream=/run/cynara/cynara-agent.socket -SocketGroup=security_fw +ListenStream=@SOCKET_DIR@/cynara-agent.socket +SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@ SocketMode=0060 SmackLabelIPIn=* SmackLabelIPOut=@ diff --git a/systemd/cynara-monitor-get.socket b/systemd/cynara-monitor-get.socket.in similarity index 64% rename from systemd/cynara-monitor-get.socket rename to systemd/cynara-monitor-get.socket.in index a50feeb..b88dbf7 100644 --- a/systemd/cynara-monitor-get.socket +++ b/systemd/cynara-monitor-get.socket.in @@ -1,6 +1,6 @@ [Socket] -ListenStream=/run/cynara/cynara-monitor-get.socket -SocketGroup=security_fw +ListenStream=@SOCKET_DIR@/cynara-monitor-get.socket +SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@ SocketMode=0060 SmackLabelIPIn=@ SmackLabelIPOut=@ diff --git a/systemd/cynara.socket b/systemd/cynara.socket.in similarity index 80% rename from systemd/cynara.socket rename to systemd/cynara.socket.in index fad2745..ba76549 100644 --- a/systemd/cynara.socket +++ b/systemd/cynara.socket.in @@ -1,5 +1,5 @@ [Socket] -ListenStream=/run/cynara/cynara.socket +ListenStream=@SOCKET_DIR@/cynara.socket SocketMode=0666 SmackLabelIPIn=* SmackLabelIPOut=@ -- 2.14.3