Inheriting capabilities
Posted Feb 12, 2015 11:22 UTC (Thu) by ibukanov (subscriber, #3942) In reply to: Inheriting capabilities by Cyberax
Parent article: Inheriting capabilities
Posted Feb 12, 2015 12:08 UTC (Thu)
by vonbrand (subscriber, #4458)
[Link] (2 responses)
<cough>systemd</cough>
Posted Feb 12, 2015 12:34 UTC (Thu)
by ibukanov (subscriber, #3942)
[Link] (1 responses)
Instead it would be better if services allowed one to specify an external command that returns the bound socket, so one can use whatever mechanism to bind the port, like dynamic port numbers etc., and integration with systemd becomes trivial.
Posted Feb 12, 2015 14:15 UTC (Thu)
by fishface60 (subscriber, #88700)
[Link]
By default ProxyCommand requires the process to proxy the messages between stdin and stdout, but if you set ProxyUseFdpass, the proxy command is passed a socket pair instead, and should send a file descriptor over its stdout. So rather than having your proxy command needing to constantly process data, it can pass the connection back to ssh.
I'd guess the reason why more services don't let you do stuff like this is that it's awkward to do in C, and the networking abstractions in most of the programming languages I use don't support it.
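The descriptor hand-off described in the comments above (an external helper binds the socket and passes it back over a Unix-domain socket), as an added example that is not part of the original thread and is not code from ssh or systemd. The function names are hypothetical, a loopback ephemeral port stands in for the privileged port, and both roles run in one process so the block is self-contained.

```python
import array
import os
import socket

def send_fd(channel, fd):
    """Send one open descriptor over a Unix-domain socket via SCM_RIGHTS."""
    # At least one byte of ordinary data must accompany the ancillary message.
    channel.sendmsg([b"\0"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS,
                               array.array("i", [fd]))])

def recv_fd(channel):
    """Receive exactly one descriptor; fail closed on anything else."""
    fds = array.array("i")
    # CMSG_LEN (not CMSG_SPACE) leaves room for a single descriptor only.
    _, ancdata, flags, _ = channel.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(cdata[:len(cdata) - len(cdata) % fds.itemsize])
    if len(fds) != 1 or flags & socket.MSG_CTRUNC:
        for fd in fds:
            os.close(fd)  # do not leak descriptors we refuse to use
        raise OSError("expected exactly one passed descriptor")
    return fds[0]

def helper_bind_and_pass(channel):
    """Role of the external command: bind, listen, hand the socket over."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))  # assumption: stands in for the real port
        listener.listen(8)
        send_fd(channel, listener.fileno())
        return listener.getsockname()[1]  # helper's copy closes on exit

def service_adopt(channel):
    """Role of the service: adopt the socket, but check what was inherited."""
    sock = socket.socket(fileno=recv_fd(channel))  # OSError if not a socket
    listening = sock.getsockopt(socket.SOL_SOCKET, socket.SO_ACCEPTCONN)
    if sock.type != socket.SOCK_STREAM or not listening:
        sock.close()
        raise OSError("inherited descriptor is not a listening stream socket")
    return sock

def demo():
    """Run both roles over a socketpair; return (bound port, adopted port)."""
    helper_end, service_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with helper_end, service_end:
        port = helper_bind_and_pass(helper_end)
        with service_adopt(service_end) as sock:
            return port, sock.getsockname()[1]
```

The service never needs the privilege to bind; it only needs to trust the channel, which is why it verifies the socket type and listening state before use.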
Posted Feb 12, 2015 14:00 UTC (Thu)
by fishface60 (subscriber, #88700)
[Link]
I usually end up with a wrapper program that binds to an ephemeral port and writes out which port was chosen to a named pipe before launching the program in inetd mode.
Posted Feb 12, 2015 18:35 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link]
