Add support for systemd socket activation (#704)

* feat: add support for systemd socket activation

If webhook has been launched via systemd socket activation, simply use the systemd-provided socket rather than opening our own.

* docs: documentation for the systemd socket activation mode

* refactor: moved setuid and setgid flags into platform-specific section

The setuid and setgid flags do not work on Windows, so moved them to platform_unix so they are only added to the flag set on compatible platforms.

Also disallow the use of setuid and setgid in combination with -socket, since a setuid webhook process would not be able to clean up a socket that was created while running as root.  If you _need_ to have the socket owned by root but the webhook process running as a normal user, you can achieve the same effect with systemd socket activation.
Ian Roberts 2024-10-25 22:18:04 +01:00 committed by GitHub
parent 9cd78fca1a
commit 98cf5d0163
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 529 additions and 5 deletions


@ -48,8 +48,6 @@ var (
useXRequestID = flag.Bool("x-request-id", false, "use X-Request-Id header, if present, as request ID")
xRequestIDLimit = flag.Int("x-request-id-limit", 0, "truncate X-Request-Id header to limit; default no limit")
maxMultipartMem = flag.Int64("max-multipart-mem", 1<<20, "maximum memory in bytes for parsing multipart form data before disk caching")
setGID = flag.Int("setgid", 0, "set group ID after opening listening port; must be used with setuid")
setUID = flag.Int("setuid", 0, "set user ID after opening listening port; must be used with setgid")
httpMethods = flag.String("http-methods", "", `set default allowed HTTP methods (ie. "POST"); separate methods with comma`)
pidPath = flag.String("pidfile", "", "create PID file at the given path")
@ -61,6 +59,8 @@ var (
watcher *fsnotify.Watcher
signals chan os.Signal
pidFile *pidfile.PIDFile
setUID = 0
setGID = 0
socket = ""
addr = ""
)
@ -107,7 +107,7 @@ func main() {
os.Exit(0)
}
if (*setUID != 0 || *setGID != 0) && (*setUID == 0 || *setGID == 0) {
if (setUID != 0 || setGID != 0) && (setUID == 0 || setGID == 0) {
fmt.Println("error: setuid and setgid options must be used together")
os.Exit(1)
}
@ -142,8 +142,8 @@ func main() {
}
}
if *setUID != 0 {
err := dropPrivileges(*setUID, *setGID)
if setUID != 0 {
err := dropPrivileges(setUID, setGID)
if err != nil {
logQueue = append(logQueue, fmt.Sprintf("error dropping privileges: %s", err))
// we'll bail out below
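Review bot: Now that `setUID` and `setGID` are plain package variables (second hunk), nothing in this file says where they get their values, and both checks in `main` silently treat 0 as "not requested". A comment on the declarations would make that explicit, for example `// setUID and setGID are filled in by the platform-specific flag registration; they stay 0 (no privilege drop) where those flags are unavailable`. The pairing check in the third hunk also lets negative values through to `dropPrivileges`, so rejecting them up front with `if setUID < 0 || setGID < 0 {` would give a clearer error than a failed syscall; how `dropPrivileges` treats such values is not visible here. The commit message says setuid/setgid is now refused in combination with `-socket`, but that check is not in these hunks, so it is worth confirming it runs before the listener is opened. `main` starts and ends outside the hunks shown.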