[sslh] Foreground mode.

Seblu ml at seblu.net
Sat Apr 21 12:42:00 CEST 2012


On Wed, Apr 18, 2012 at 8:28 PM, Yves Rutschle <yves at naryves.com> wrote:
> Hi Seb,
>
> On Mon, Apr 16, 2012 at 06:58:33PM +0200, Yves Rutschle wrote:
>> I'll go over the daemon requirements for systemd and make
>> sure you have options to satisfy them (except the "grab a
>> name on the bus", I don't think sslh needs to get into
>> that).
>
> Please find patch attached.
>
> From systemd specification:
>
>>We ask daemon writers not to fork or even double fork in
>>their processes, but run their event loop from the initial
>>process systemd starts for you. Also, don't call setsid().
>
> Now if --foreground is specified, setsid() isn't called
> anymore: sslh can be compliant.
>
>>Don't drop user privileges in the daemon itself, leave this
>>to systemd and configure it in systemd service
>>configuration files. (There are exceptions here. For
>>example, for some daemons there are good reasons to drop
>>privileges inside the daemon code, after an initialization
>>phase that requires elevated privileges.)
>
> Now if --user is not specified, sslh does not change uid.
>
>>Don't write PID files
>
> Now if --pidfile is not specified, sslh does not create a
> PID file.
>
>>Grab a name on the bus
>
> Not doing it.
>
>>You may rely on systemd for logging, you are welcome to log
>>whatever you need to log to stderr.
>
> Now if --foreground is specified, sslh doesn't log to syslog
> (but to stderr instead).
>
>>Let systemd create and watch sockets for you, so that
>>socket activation works. Hence, interpret $LISTEN_FDS and
>>$LISTEN_PID as described above.
>
> Not interpreting $LISTEN_FDS, but inetd mode should work for
> this mode.
>
>>Use SIGTERM for requesting shut downs from your daemon.
>
> Already doing it.
>
> (the patch also corrects an unrelated bug).
>
> Let me know if this works for you!
>

All seems to be ok.

I propose a little patch for make install.

1) Install sslh-select and sslh-fork and create a symlink to sslh-fork
2) Move the binary into /bin and not /sbin. There is no reason to have
sslh under /sbin; the daemon runs without root priv and can be launched by
a user (default behaviour)

Do you know when you'll drop the next version?

-- 
Sébastien Luttringer
www.seblu.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sslh-1.11.makefile.patch
Type: application/octet-stream
Size: 790 bytes
Desc: not available
URL: <http://rutschle.net/pipermail/sslh/attachments/20120421/82024bb3/attachment.obj>
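
The daemon checklist discussed in this thread, mapped onto a systemd unit. This is an added example, not part of the original messages or of the sslh distribution. The binary path, the `sslh` account, the addresses and the `--listen`/`--ssh`/`--ssl` targets are assumptions, and it assumes a systemd version that supports `AmbientCapabilities=`.

```ini
# Hypothetical sslh.service (constructed example; path, user and addresses are assumptions)
[Unit]
Description=sslh protocol demultiplexer (foreground mode)
After=network.target

[Service]
# No fork, no setsid(): systemd supervises the initial process directly.
Type=simple
# --foreground keeps sslh attached and sends its log output to stderr,
# which systemd captures. No --user and no --pidfile are passed, so the
# uid change and PID tracking are left to systemd.
ExecStart=/usr/bin/sslh --foreground --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:8443
# Privilege drop is done by systemd instead of sslh's --user option.
User=sslh
# The unprivileged process still has to bind port 443; grant only that.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
# Shutdown is requested with SIGTERM (the systemd default, stated explicitly).
KillSignal=SIGTERM
Restart=on-failure

[Install]
WantedBy=multi-user.target
```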