On Sat, 02 Aug 2014, Josh Triplett wrote: > How easily could you teach syslog-nagios-bridge to listen on a UNIX > domain socket, instead of or in addition to a TCP socket? You could > then have it listen on /run/syslog-nagios-bridge by default, and have > rsyslog automatically forward messages there.
Unless this socket is *never* going to need any sort of access control, rule zero for UNIX socket security applies: you must put it inside a directory. I.e. unless this socket always has to be accessible by everyone, don't put it directly in /run. Use something like /run/syslog-nagios-bridge/socket, and depend on the access permissions of /run/syslog-nagios-bridge/ to control access to the socket. That may well mean you need the directory just for the socket. If you have extra files that need different access restrictions, they'll have to go in a separate directory. > (Also, please consider providing a .socket file for systemd socket > activation.) And when you do that, beware that you will most likely have to take special steps to work around bug #736258. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140802171736.ga12...@khazad-dum.debian.net
