Set socket permissions for unix domain sockets (#5760)

Daniel Nelson 2019-04-25 20:06:39 -07:00 committed by GitHub
parent 4ad813aecd
commit 66153625fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 0 deletions


@ -25,6 +25,13 @@ This is a sample configuration for the plugin.
# service_address = "unix:///tmp/telegraf.sock" # service_address = "unix:///tmp/telegraf.sock"
# service_address = "unixgram:///tmp/telegraf.sock" # service_address = "unixgram:///tmp/telegraf.sock"
## Change the file mode bits on unix sockets. These permissions may not be
## respected by some platforms, to safely restrict write permissions it is best
## to place the socket into a directory that has previously been created
## with the desired permissions.
## ex: socket_mode = "777"
# socket_mode = ""
## Maximum number of concurrent connections. ## Maximum number of concurrent connections.
## Only applies to stream sockets (e.g. TCP). ## Only applies to stream sockets (e.g. TCP).
## 0 (default) is unlimited. ## 0 (default) is unlimited.


@ -8,6 +8,7 @@ import (
"log" "log"
"net" "net"
"os" "os"
"strconv"
"strings" "strings"
"sync" "sync"
"time" "time"
@ -165,6 +166,7 @@ type SocketListener struct {
ReadBufferSize internal.Size `toml:"read_buffer_size"` ReadBufferSize internal.Size `toml:"read_buffer_size"`
ReadTimeout *internal.Duration `toml:"read_timeout"` ReadTimeout *internal.Duration `toml:"read_timeout"`
KeepAlivePeriod *internal.Duration `toml:"keep_alive_period"` KeepAlivePeriod *internal.Duration `toml:"keep_alive_period"`
SocketMode string `toml:"socket_mode"`
tlsint.ServerConfig tlsint.ServerConfig
parsers.Parser parsers.Parser
@ -190,6 +192,13 @@ func (sl *SocketListener) SampleConfig() string {
# service_address = "unix:///tmp/telegraf.sock" # service_address = "unix:///tmp/telegraf.sock"
# service_address = "unixgram:///tmp/telegraf.sock" # service_address = "unixgram:///tmp/telegraf.sock"
## Change the file mode bits on unix sockets. These permissions may not be
## respected by some platforms, to safely restrict write permissions it is best
## to place the socket into a directory that has previously been created
## with the desired permissions.
## ex: socket_mode = "777"
# socket_mode = ""
## Maximum number of concurrent connections. ## Maximum number of concurrent connections.
## Only applies to stream sockets (e.g. TCP). ## Only applies to stream sockets (e.g. TCP).
## 0 (default) is unlimited. ## 0 (default) is unlimited.
@ -275,6 +284,17 @@ func (sl *SocketListener) Start(acc telegraf.Accumulator) error {
log.Printf("I! [inputs.socket_listener] Listening on %s://%s", protocol, l.Addr()) log.Printf("I! [inputs.socket_listener] Listening on %s://%s", protocol, l.Addr())
// Set permissions on socket
if (spl[0] == "unix" || spl[0] == "unixpacket") && sl.SocketMode != "" {
// Convert from octal in string to int
i, err := strconv.ParseUint(sl.SocketMode, 8, 32)
if err != nil {
return err
}
os.Chmod(spl[1], os.FileMode(uint32(i)))
}
ssl := &streamSocketListener{ ssl := &streamSocketListener{
Listener: l, Listener: l,
SocketListener: sl, SocketListener: sl,
@ -289,6 +309,17 @@ func (sl *SocketListener) Start(acc telegraf.Accumulator) error {
return err return err
} }
// Set permissions on socket
if spl[0] == "unixgram" && sl.SocketMode != "" {
// Convert from octal in string to int
i, err := strconv.ParseUint(sl.SocketMode, 8, 32)
if err != nil {
return err
}
os.Chmod(spl[1], os.FileMode(uint32(i)))
}
if sl.ReadBufferSize.Size > 0 { if sl.ReadBufferSize.Size > 0 {
if srb, ok := pc.(setReadBufferer); ok { if srb, ok := pc.(setReadBufferer); ok {
srb.SetReadBuffer(int(sl.ReadBufferSize.Size)) srb.SetReadBuffer(int(sl.ReadBufferSize.Size))
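Review bot: The return value of `os.Chmod(spl[1], os.FileMode(uint32(i)))` is discarded in the unix/unixpacket branch and again in the unixgram branch, so a failed chmod leaves the socket at whatever mode it was created with while the operator believes `socket_mode` was applied. Propagate the error in both places: `if err := os.Chmod(spl[1], os.FileMode(uint32(i))); err != nil { return err }`. The mode string is also parsed only after the log line reports the socket as listening, so an invalid value makes Start return with the listener apparently still open; parsing `sl.SocketMode` before listening would reject bad configuration without creating the socket first. The sample config's `## ex: socket_mode = "777"` shows a world-writable socket as the example to copy; a restrictive value such as `"660"` would be a safer illustration. Start's body begins and ends outside these hunks, so any cleanup of the listener on the error path cannot be confirmed from here.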