  1. MariaDB Connector/C
  2. CONC-651

Support systemd directive OpenFile= when connecting to a Unix socket


Details

    • Task
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 3.3.5
    • N/A
    • API
    • None
    • Fedora 38

    Description

      When connecting to a Unix socket, instead of providing a file path it would be nice
      if MariaDB would support using an inherited file descriptor from the parent process.
      Systemd can connect to a Unix socket and then let the started program (as defined by
      ExecStart= in the service unit) inherit this file descriptor. This improves security because
      the process running MariaDB Connector/C does not need file access permission to the Unix socket.

      The systemd directive OpenFile= was introduced in systemd 253
      (released February 2023).

      Man page:
      https://www.freedesktop.org/software/systemd/man/systemd.service.html#OpenFile=

      There is some example code at
      https://mariadb.com/docs/skysql-previous-release/connect/programming-languages/c/connect/
      about how to use MariaDB Connector/C to connect to MariaDB database products.

      Here I replaced NULL with "/some/path":

      // Connect to the database
      if (!mysql_real_connect(
            conn,                 // Connection
            "example.skysql.net", // Host
            "db_user",            // User account
            "db_user_password",   // User password
            "test",               // Default database
            5009,                 // Port number
            "/some/path",         // Path to socket file
            0                     // Additional options
         ))

      Instead of specifying a path to the Unix socket, there should be a way to specify the file descriptor name myfdname that was set in the systemd service unit:

      OpenFile=/some/path:myfdname

      I don't know how to best introduce OpenFile= support in the API,
      but just as an example, there could be a new function:

      // Connect to the database
      if (!mysql_real_connect_with_OpenFile(
            conn,                 // Connection
            "example.skysql.net", // Host
            "db_user",            // User account
            "db_user_password",   // User password
            "test",               // Default database
            "myfdname",           // OpenFile fdname
            0                     // Additional options
         ))

      The file descriptor name is set by systemd in the environment variable LISTEN_FDNAMES (see https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html).

      A side-note: OpenFile= also supports opening normal files. If MariaDB Connector/C has a need to open files, such files could be passed to MariaDB Connector/C as file descriptors with OpenFile=

          People

            georg Georg Richter
            eriksjolund Erik Sjölund