open tls keys/certificate as root, pass fd's to the unprivileged child process

makes it easier to use tls keys/certs managed by other tools, with or without
acme. the root process has access to open such files. the child process reads
the key from the file descriptor, then closes the file.

for issue #30 by inigoserna, thanks!
This commit is contained in:
Mechiel Lukkien
2023-05-31 14:09:53 +02:00
parent dd0cede4f9
commit 70d07c5459
6 changed files with 119 additions and 36 deletions

View File

@ -147,11 +147,12 @@ requested, other TLS certificates are requested on demand.
mlog.SetConfig(mox.Conf.Log)
checkACMEHosts := os.Getuid() != 0
mox.MustLoadConfig(checkACMEHosts)
log := mlog.New("serve")
if os.Getuid() == 0 {
mox.MustLoadConfig(checkACMEHosts)
// No need to potentially start and keep multiple processes. As root, we just need
// to start the child process.
runtime.GOMAXPROCS(1)
@ -160,6 +161,9 @@ requested, other TLS certificates are requested on demand.
if os.Getenv("MOX_SOCKETS") != "" {
log.Fatal("refusing to start as root with $MOX_SOCKETS set")
}
if os.Getenv("MOX_FILES") != "" {
log.Fatal("refusing to start as root with $MOX_FILES set")
}
if !mox.Conf.Static.NoFixPermissions {
// Fix permissions now that we have privilege to do so. Useful for update of v0.0.1
@ -178,7 +182,8 @@ requested, other TLS certificates are requested on demand.
}
} else {
log.Print("starting as unprivileged user", mlog.Field("user", mox.Conf.Static.User), mlog.Field("uid", mox.Conf.Static.UID), mlog.Field("gid", mox.Conf.Static.GID), mlog.Field("pid", os.Getpid()))
mox.RestorePassedSockets()
mox.RestorePassedFiles()
mox.MustLoadConfig(checkACMEHosts)
}
syscall.Umask(syscall.Umask(007) | 007)
@ -584,7 +589,7 @@ func start(mtastsdbRefresher, skipForkExec bool) error {
mox.ForkExecUnprivileged()
panic("cannot happen")
} else {
mox.CleanupPassedSockets()
mox.CleanupPassedFiles()
}
}