From c29761cd1628960ee2b11a469763479ac5ef1dfa Mon Sep 17 00:00:00 2001 From: José Bollo Date: Thu, 12 Dec 2019 18:10:48 +0100 Subject: Improve integration of cynagora MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow to be more flexible when starting with or without systemd. At end this change will allows to start within systemd with socket activation or not and by sending notification without need of option. Make setting of the sockets more accurate. The admin and agent socket are now accessible only to clients of the expected group, cynagora by default. Bug-AGL: SPEC-3230 Bug-AGL: SPEC-2968 Change-Id: I3e5c7c00dfa0494628c18ffc016cfc8599a5bf9b Signed-off-by: José Bollo --- systemd/CMakeLists.txt | 3 ++- systemd/cynagora-admin.socket.in | 4 +++- systemd/cynagora-agent.socket.in | 4 +++- systemd/cynagora-check.socket.in | 2 ++ systemd/cynagora.service | 26 -------------------------- systemd/cynagora.service.in | 22 ++++++++++++++++++++++ 6 files changed, 32 insertions(+), 29 deletions(-) delete mode 100644 systemd/cynagora.service create mode 100644 systemd/cynagora.service.in (limited to 'systemd') diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt index c68f7f5..bb9d059 100644 --- a/systemd/CMakeLists.txt +++ b/systemd/CMakeLists.txt @@ -19,12 +19,13 @@ set(SYSTEMD_UNIT_DIR "${CMAKE_INSTALL_FULL_LIBDIR}/systemd/system" CACHE PATH "Path to systemd system unit files") +CONFIGURE_FILE(cynagora.service.in cynagora.service @ONLY) CONFIGURE_FILE(cynagora-admin.socket.in cynagora-admin.socket @ONLY) CONFIGURE_FILE(cynagora-check.socket.in cynagora-check.socket @ONLY) CONFIGURE_FILE(cynagora-agent.socket.in cynagora-agent.socket @ONLY) INSTALL(FILES - ${CMAKE_CURRENT_SOURCE_DIR}/cynagora.service + ${CMAKE_CURRENT_BINARY_DIR}/cynagora.service ${CMAKE_CURRENT_SOURCE_DIR}/cynagora.target ${CMAKE_CURRENT_BINARY_DIR}/cynagora-admin.socket ${CMAKE_CURRENT_BINARY_DIR}/cynagora-check.socket 
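Review bot: `cynagora.service.in` is now expanded with `@ONLY`, so `@USER@` and `@GROUP@` turn into empty strings if those variables are unset when this directory is configured, and nothing in this hunk checks them. An empty expansion would install a unit whose `ExecStart` reads `--user --group ...` and socket units with blank `SocketUser=`/`SocketGroup=`. Where the two variables are defined is outside this view (the page is limited to `systemd/`), so this may already be covered elsewhere. A guard ahead of the `CONFIGURE_FILE` calls would make the failure explicit: `if(NOT USER OR NOT GROUP)`, `message(FATAL_ERROR "USER and GROUP must be set before configuring the systemd units")`, `endif()`. The `INSTALL(FILES ...)` call continues past the end of the hunk.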
diff --git a/systemd/cynagora-admin.socket.in b/systemd/cynagora-admin.socket.in
index 622c023..b2f5874 100644
--- a/systemd/cynagora-admin.socket.in
+++ b/systemd/cynagora-admin.socket.in
@@ -1,7 +1,9 @@
 [Socket]
 FileDescriptorName=admin
 ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.admin
-SocketMode=0600
+SocketUser=@USER@
+SocketGroup=@GROUP@
+SocketMode=0660
 SmackLabelIPIn=@
 SmackLabelIPOut=@
diff --git a/systemd/cynagora-agent.socket.in b/systemd/cynagora-agent.socket.in
index a5e66b8..3671113 100644
--- a/systemd/cynagora-agent.socket.in
+++ b/systemd/cynagora-agent.socket.in
@@ -1,7 +1,9 @@
 [Socket]
 FileDescriptorName=agent
 ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.agent
-SocketMode=0600
+SocketUser=@USER@
+SocketGroup=@GROUP@
+SocketMode=0660
 SmackLabelIPIn=@
 SmackLabelIPOut=@
diff --git a/systemd/cynagora-check.socket.in b/systemd/cynagora-check.socket.in
index fcd6ed1..0eeae57 100644
--- a/systemd/cynagora-check.socket.in
+++ b/systemd/cynagora-check.socket.in
@@ -1,6 +1,8 @@
 [Socket]
 FileDescriptorName=check
 ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.check
+SocketUser=@USER@
+SocketGroup=@GROUP@
 SocketMode=0666
 SmackLabelIPIn=*
 SmackLabelIPOut=@
diff --git a/systemd/cynagora.service b/systemd/cynagora.service
deleted file mode 100644
index 97a0f36..0000000
--- a/systemd/cynagora.service
+++ /dev/null
@@ -1,26 +0,0 @@
-[Unit]
-Description=Cynagora service
-Requires=afm-system-setup.service
-After=afm-system-setup.service
-
-[Service]
-ExecStart=/usr/bin/cynagorad --systemd --user cynagora --group cynagora --make-db-dir --own-db-dir
-
-Type=notify
-
-KillMode=process
-TimeoutStopSec=3
-Restart=always
-
-Sockets=cynagora-admin.socket
-Sockets=cynagora-check.socket
-Sockets=cynagora-agent.socket
-SmackProcessLabel=System
-
-#UMask=0000
-#User=cynagora
-#Group=cynagora
-#NoNewPrivileges=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/systemd/cynagora.service.in b/systemd/cynagora.service.in
new file mode 100644
index 0000000..9035d00
--- /dev/null
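Review bot: With `SocketMode=0660` and `SocketGroup=@GROUP@`, the admin socket becomes writable by every member of `@GROUP@`, and the agent hunk in `cynagora-agent.socket.in` uses the same group, so one group membership grants both roles at the filesystem level. `cynagora.service.in` also passes `--group @GROUP@` to the daemon, so the daemon's own group doubles as the client-access group. If admin and agent clients are meant to be separable, a distinct substitution on the admin socket would keep policy-editing rights narrower, e.g. `SocketGroup=@ADMIN_GROUP@` (placeholder name, not defined on this page). Otherwise a comment above the line, `# any member of @GROUP@ may administer policy`, would document the trust boundary.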
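Review bot: `SocketMode=0666` is left unchanged in `cynagora-check.socket.in`, so the added `SocketUser=`/`SocketGroup=` lines set ownership but do not restrict who can connect to the check socket. If world access is the intent for check queries, a comment beside the mode would keep a later reader from assuming the group gates it: `# world-accessible by design; SocketGroup does not limit check clients`.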
+++ b/systemd/cynagora.service.in
@@ -0,0 +1,22 @@
+[Unit]
+Description=Cynagora service
+Requires=afm-system-setup.service
+After=afm-system-setup.service
+
+[Service]
+ExecStart=/usr/bin/cynagorad --user @USER@ --group @GROUP@ --make-db-dir --own-db-dir
+
+Type=notify
+
+KillMode=process
+TimeoutStopSec=3
+Restart=always
+
+Sockets=cynagora-admin.socket
+Sockets=cynagora-check.socket
+Sockets=cynagora-agent.socket
+
+#NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
-- cgit 1.2.3-korg
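Review bot: The new unit drops `SmackProcessLabel=System`, which the deleted `cynagora.service` carried, and the commit message does not mention it. On Smack-enabled systems the daemon would then presumably run with whatever label it inherits, so either restore the line or say in the description why it is no longer needed. `#NoNewPrivileges=true` is still commented out and there is no `User=`/`Group=`, so the process starts as root and relies on `cynagorad` itself to switch to `@USER@`/`@GROUP@`. A comment such as `# starts as root for --make-db-dir/--own-db-dir, then drops to @USER@:@GROUP@` would record that, once confirmed against the daemon. Since the file is now a template, `ExecStart=/usr/bin/cynagorad` could also become `ExecStart=@CMAKE_INSTALL_FULL_BINDIR@/cynagorad` so the unit follows the install prefix.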