
Re: packages using non-standard ports



On Sat, 02 Aug 2014, Josh Triplett wrote:
> How easily could you teach syslog-nagios-bridge to listen on a UNIX
> domain socket, instead of or in addition to a TCP socket?  You could
> then have it listen on /run/syslog-nagios-bridge by default, and have
> rsyslog automatically forward messages there.

Unless this socket is *never* going to need any sort of access control, rule
zero for UNIX socket security applies: you must put it inside a directory.

I.e. unless this socket always has to be accessible by everyone, don't put
it directly in /run.  Use something like /run/syslog-nagios-bridge/socket,
and depend on the access permissions of /run/syslog-nagios-bridge/ to
control access to the socket.

That may well mean you need the directory just for the socket.  If you have
extra files that need different access restrictions, they'll have to go in a
separate directory.

> (Also, please consider providing a .socket file for systemd socket
> activation.)

And when you do that, beware that you will most likely have to take special
steps to work around bug #736258.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
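
The socket-in-a-directory layout described above, sketched in Python as an added example (not part of the original message and not syslog-nagios-bridge's own code). The function name `bind_in_private_dir`, the 0750 mode and the temporary demo directory are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile


def bind_in_private_dir(sock_dir, mode=0o750, name="socket"):
    """Bind a UNIX stream socket at sock_dir/name.

    Access is controlled by the mode (and ownership) of sock_dir,
    not by the permissions of the socket file itself.
    """
    try:
        os.mkdir(sock_dir, 0o700)
    except FileExistsError:
        pass
    st = os.lstat(sock_dir)  # lstat: refuse a symlink planted at this path
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{sock_dir} is not a directory")
    if st.st_uid != os.geteuid():
        raise RuntimeError(f"{sock_dir} is owned by uid {st.st_uid}")
    # Keep the directory closed while the socket is being set up.
    os.chmod(sock_dir, 0o700)

    path = os.path.join(sock_dir, name)
    try:
        # Remove a stale socket from a previous run, but nothing else.
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)
    except FileNotFoundError:
        pass

    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(8)
    # Only now open the directory to the intended audience; chmod is exact,
    # so the umask cannot widen or narrow it.
    os.chmod(sock_dir, mode)
    return srv, path


if __name__ == "__main__":
    # Constructed demo location; a real service would use
    # /run/syslog-nagios-bridge and chown the directory to the client group.
    demo = os.path.join(tempfile.mkdtemp(), "syslog-nagios-bridge")
    srv, path = bind_in_private_dir(demo)
    print(path, oct(stat.S_IMODE(os.stat(demo).st_mode)))
    srv.close()
```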
