-
-
Notifications
You must be signed in to change notification settings - Fork 834
/
platform_unix.go
47 lines (43 loc) · 1.65 KB
/
platform_unix.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
//go:build !windows
// +build !windows
package main
import (
"flag"
"fmt"
"github.com/coreos/go-systemd/v22/activation"
"net"
)
func platformFlags() {
flag.StringVar(&socket, "socket", "", "path to a Unix socket (e.g. /tmp/webhook.sock) to use instead of listening on an ip and port; if specified, the ip and port options are ignored")
flag.IntVar(&setGID, "setgid", 0, "set group ID after opening listening port; must be used with setuid, not permitted with -socket")
flag.IntVar(&setUID, "setuid", 0, "set user ID after opening listening port; must be used with setgid, not permitted with -socket")
}
func trySocketListener() (net.Listener, error) {
// first check whether we have any sockets from systemd
listeners, err := activation.Listeners()
if err != nil {
return nil, fmt.Errorf("failed to retrieve sockets from systemd: %w", err)
}
numListeners := len(listeners)
if numListeners > 1 {
return nil, fmt.Errorf("received %d sockets from systemd, but only 1 is supported", numListeners)
}
if numListeners == 1 {
sockAddr := listeners[0].Addr()
if sockAddr.Network() == "tcp" {
addr = sockAddr.String()
} else {
addr = fmt.Sprintf("{%s:%s}", sockAddr.Network(), sockAddr.String())
}
return listeners[0], nil
}
// if we get to here, we got no sockets from systemd, so check -socket flag
if socket != "" {
if setGID != 0 || setUID != 0 {
return nil, fmt.Errorf("-setuid and -setgid options are not compatible with -socket. If you need to bind a socket as root but run webhook as a different user, consider using systemd activation")
}
addr = fmt.Sprintf("{unix:%s}", socket)
return net.Listen("unix", socket)
}
return nil, nil
}