Josef Johansson
Josef Johansson
Systemd is no way a hard requirement for #1985, just as long as you set LISTEN_FDS=1 LISTEN_PID=2 and --http-address=fd:3 you should be fine (provided there an actual listening socket on...
Also, you could use /lib/systemd/systemd-socket-proxyd. It will start on it's own. oauth2-proxy-forward.socket ``` [Socket] ListenStream=/run/oauth2-proxy-forward/oauth2-proxy.sock SocketGroup=www-data SocketMode=0660 Accept=no [Install] WantedBy=sockets.target ``` oauth2-proxy-forward.service ``` [Service] User=oauth2-proxy ExecStart=/lib/systemd/systemd-socket-proxyd /run/oauth2-proxy/oauth2.sock ```
Isn't that the same though as allowing it to the whole system? You might want to investigate `PrivateIPC` etc.
Correct, same same, but different :) Easier to userspace that PrivateNetwork for random processes also, but no iptables capability. I have been playing about with PrivateIPC in systemd, but it's...
> Is there any way to add some unit tests to this? Sure, that should be possible.
> Have you looked at #1866? Does it solve the same issue? Same, but different. That is upstream, this is downstream.
Sorry for tapping out on this PR, I shall makes some effort into polishing it.
I am rebasing and modifying the code.
I will be using --bindAddress=FD:3 or --bindAddress=FD:socketname as option to trigger this behavior.
> Is there any way to add some unit tests to this? I made my best attempt to unit test it, it's a bit out of my scope with file...