On Tuesday, 15 September 2020 19:37:41 BST Glyph wrote:
On Sep 15, 2020, at 10:05 AM, Barry Scott <barry.scott@forcepoint.com> wrote:
We do this so that we can open priv'ed ports that the children will share. We drop priv's after the priv'ed ports are opened.
A better way to do this might be to use something like the systemd activation endpoint, so you never need privileges in your code in the first place:
https://twistedmatrix.com/documents/current/core/howto/systemd.html#socket-activation
Yep, but at the moment I'm on CentOS 6 (no systemd) porting to CentOS 8 at the moment. I'm not sure socket activation is the way forward, but there are a lot of other tricks in systemd that should help. Also there is the idea to pass the priv'ed FD's over sockets into the non priv'ed code etc.

Barry
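
The descriptor-passing idea mentioned in the last message, as an added Python example that is not code from either poster or from Twisted: one side binds the listening socket and hands it over an AF_UNIX channel with SCM_RIGHTS, and the receiver validates it before serving. The function names are hypothetical, both roles run in one process here, and an ephemeral loopback port stands in for the privileged port.

```python
import array
import os
import socket

def send_listener(chan, listener):
    """Privileged side: pass an already-bound listening socket to the peer."""
    fds = array.array("i", [listener.fileno()])
    # SCM_RIGHTS travels as ancillary data; one ordinary byte must go with it.
    chan.sendmsg([b"L"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])

def recv_listener(chan):
    """Unprivileged side: accept exactly one descriptor and wrap it."""
    fds = array.array("i")
    msg, ancdata, flags, _ = chan.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:len(data) - len(data) % fds.itemsize])
    if msg != b"L" or len(fds) != 1 or flags & socket.MSG_CTRUNC:
        for fd in fds:
            os.close(fd)  # do not leak descriptors we refuse to use
        raise RuntimeError("expected exactly one passed descriptor")
    sock = socket.socket(fileno=fds[0])  # family/type auto-detected (3.7+)
    # Check it really is a listening stream socket before serving on it.
    if sock.type != socket.SOCK_STREAM or not sock.getsockopt(
            socket.SOL_SOCKET, socket.SO_ACCEPTCONN):
        sock.close()
        raise RuntimeError("passed descriptor is not a listening socket")
    return sock

def round_trip(payload=b"hello"):
    # Constructed stand-in: an ephemeral loopback port plays the priv'ed port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    addr = listener.getsockname()
    priv, unpriv = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    send_listener(priv, listener)
    listener.close()  # the sender keeps no copy; the passed one stays valid
    served = recv_listener(unpriv)
    client = socket.create_connection(addr)
    client.sendall(payload)
    conn, _ = served.accept()
    data = conn.recv(len(payload))
    for s in (conn, client, served, priv, unpriv):
        s.close()
    return data

if __name__ == "__main__":
    print(round_trip())
```

In a real deployment the sender is the small privileged launcher and the receiver is a separate process that never holds the privilege needed to bind the port.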