vavakado/hinoirisetr
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases 1 Packages Wiki Activity Actions

refactor: improve socket security

Browse source
This commit is contained in:
Vladimir Rubin 2025-05-14 14:26:03 +03:00
parent 47bed52851
commit aeeb17abd0
Signed by: vavakado
GPG key ID: CAB744727F36B524
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/main.rs
View file

@ -1,4 +1,5 @@
use std::env; use std::env;
use std::os::unix::fs::PermissionsExt;
use std::path::PathBuf; use std::path::PathBuf;
use std::sync::atomic::Ordering::SeqCst; use std::sync::atomic::Ordering::SeqCst;
use std::sync::atomic::{AtomicBool, AtomicU64, Ordering}; use std::sync::atomic::{AtomicBool, AtomicU64, Ordering};
@ -59,6 +60,12 @@ async fn config_reloader(notify: Arc<Notify>) {
async fn socket_server(disabled: Arc<AtomicBool>, notify: Arc<Notify>) { async fn socket_server(disabled: Arc<AtomicBool>, notify: Arc<Notify>) {
let listener = UnixListener::bind(SOCKET_PATH).expect("Failed to bind socket"); let listener = UnixListener::bind(SOCKET_PATH).expect("Failed to bind socket");
match std::fs::set_permissions(SOCKET_PATH, std::fs::Permissions::from_mode(0o600)) {
Ok(_) => trace!("socket file permissions set"),
Err(e) => error!("Failed to set socket file permissions: {e}"),
};
trace!("socket server bound"); trace!("socket server bound");
let notification: NotifyState = let notification: NotifyState =
match hinoirisetr::notify::InitializedNotificationSystem::new("hinoirisetr") { match hinoirisetr::notify::InitializedNotificationSystem::new("hinoirisetr") {