1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
From d919b110a2fbccdce084c651f4d7d7de66f2f869 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
Date: Thu, 25 Jan 2018 13:47:37 +0100
Subject: [PATCH 5/6] Allow to tune sockets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Allow to change the directory of sockets
through a true integration of SOCKET_DIR
Allow to override the socket's group of
- /run/cynara/cynara-agent.socket
- /run/cynara/cynara-monitor-get.socket
through the newly defined variable CYNARA_ADMIN_SOCKET_GROUP
Change-Id: I7d58854c328e948e3d6d7fa3fc00569fd08f8aef
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---
systemd/CMakeLists.txt | 19 +++++++++++++++----
.../{cynara-admin.socket => cynara-admin.socket.in} | 2 +-
.../{cynara-agent.socket => cynara-agent.socket.in} | 4 ++--
...onitor-get.socket => cynara-monitor-get.socket.in} | 4 ++--
systemd/{cynara.socket => cynara.socket.in} | 2 +-
5 files changed, 21 insertions(+), 10 deletions(-)
rename systemd/{cynara-admin.socket => cynara-admin.socket.in} (78%)
rename systemd/{cynara-agent.socket => cynara-agent.socket.in} (66%)
rename systemd/{cynara-monitor-get.socket => cynara-monitor-get.socket.in} (64%)
rename systemd/{cynara.socket => cynara.socket.in} (80%)
diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt
index 20accf0..1b75c12 100644
--- a/systemd/CMakeLists.txt
+++ b/systemd/CMakeLists.txt
@@ -16,13 +16,24 @@
# @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
#
+SET(CYNARA_ADMIN_SOCKET_GROUP
+ "security_fw"
+ CACHE STRING
+ "Group to apply on administrative sockets")
+
+
+CONFIGURE_FILE(cynara.socket.in cynara.socket @ONLY)
+CONFIGURE_FILE(cynara-admin.socket.in cynara-admin.socket @ONLY)
+CONFIGURE_FILE(cynara-agent.socket.in cynara-agent.socket @ONLY)
+CONFIGURE_FILE(cynara-monitor-get.socket.in cynara-monitor-get.socket @ONLY)
+
INSTALL(FILES
${CMAKE_SOURCE_DIR}/systemd/cynara.service
${CMAKE_SOURCE_DIR}/systemd/cynara.target
- ${CMAKE_SOURCE_DIR}/systemd/cynara.socket
- ${CMAKE_SOURCE_DIR}/systemd/cynara-admin.socket
- ${CMAKE_SOURCE_DIR}/systemd/cynara-agent.socket
- ${CMAKE_SOURCE_DIR}/systemd/cynara-monitor-get.socket
+ ${CMAKE_BINARY_DIR}/systemd/cynara.socket
+ ${CMAKE_BINARY_DIR}/systemd/cynara-admin.socket
+ ${CMAKE_BINARY_DIR}/systemd/cynara-agent.socket
+ ${CMAKE_BINARY_DIR}/systemd/cynara-monitor-get.socket
DESTINATION
${SYSTEMD_UNIT_DIR}
)
diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket.in
similarity index 78%
rename from systemd/cynara-admin.socket
rename to systemd/cynara-admin.socket.in
index ed38386..2364c3e 100644
--- a/systemd/cynara-admin.socket
+++ b/systemd/cynara-admin.socket.in
@@ -1,5 +1,5 @@
[Socket]
-ListenStream=/run/cynara/cynara-admin.socket
+ListenStream=@SOCKET_DIR@/cynara-admin.socket
SocketMode=0600
SmackLabelIPIn=@
SmackLabelIPOut=@
diff --git a/systemd/cynara-agent.socket b/systemd/cynara-agent.socket.in
similarity index 66%
rename from systemd/cynara-agent.socket
rename to systemd/cynara-agent.socket.in
index 5a677e0..4f86c9d 100644
--- a/systemd/cynara-agent.socket
+++ b/systemd/cynara-agent.socket.in
@@ -1,6 +1,6 @@
[Socket]
-ListenStream=/run/cynara/cynara-agent.socket
-SocketGroup=security_fw
+ListenStream=@SOCKET_DIR@/cynara-agent.socket
+SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@
SocketMode=0060
SmackLabelIPIn=*
SmackLabelIPOut=@
diff --git a/systemd/cynara-monitor-get.socket b/systemd/cynara-monitor-get.socket.in
similarity index 64%
rename from systemd/cynara-monitor-get.socket
rename to systemd/cynara-monitor-get.socket.in
index a50feeb..b88dbf7 100644
--- a/systemd/cynara-monitor-get.socket
+++ b/systemd/cynara-monitor-get.socket.in
@@ -1,6 +1,6 @@
[Socket]
-ListenStream=/run/cynara/cynara-monitor-get.socket
-SocketGroup=security_fw
+ListenStream=@SOCKET_DIR@/cynara-monitor-get.socket
+SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@
SocketMode=0060
SmackLabelIPIn=@
SmackLabelIPOut=@
diff --git a/systemd/cynara.socket b/systemd/cynara.socket.in
similarity index 80%
rename from systemd/cynara.socket
rename to systemd/cynara.socket.in
index fad2745..ba76549 100644
--- a/systemd/cynara.socket
+++ b/systemd/cynara.socket.in
@@ -1,5 +1,5 @@
[Socket]
-ListenStream=/run/cynara/cynara.socket
+ListenStream=@SOCKET_DIR@/cynara.socket
SocketMode=0666
SmackLabelIPIn=*
SmackLabelIPOut=@
--
2.14.3
|
