[CONC-652] Support systemd directive OpenFile= when connecting to a Unix socket
Created: 2023-06-20
Updated: 2023-06-20

Status: Open
Project: MariaDB Connector/C
Component/s: API
Affects Version/s: 3.3.5
Fix Version/s: None

Type: Task
Priority: Minor
Reporter: Erik Sjölund
Assignee: Georg Richter
Resolution: Unresolved
Votes: 0
Labels: None
Environment: Fedora 38

Description

When connecting to a Unix socket, instead of providing a file path it would be nice
if MariaDB Connector/C would support using an inherited file descriptor from the parent process.
Systemd can connect to a Unix socket and then let the started program (as defined by ExecStart= in the service unit) inherit this file descriptor. This improves security because
the process running MariaDB Connector/C does not need file access permission to the Unix socket.

The systemd directive OpenFile= was introduced in systemd 253
(released February 2023).

Man page:
https://www.freedesktop.org/software/systemd/man/systemd.service.html#OpenFile=

There is some example code at
https://mariadb.com/docs/skysql-previous-release/connect/programming-languages/c/connect/
about how to use MariaDB Connector/C to connect to MariaDB database products.

Here I replaced NULL with "/some/path":

// Connect to the database
if (!mysql_real_connect(
      conn,                 // Connection
      "example.skysql.net", // Host
      "db_user",            // User account
      "db_user_password",   // User password
      "test",               // Default database
      5009,                 // Port number
      "/some/path",         // Path to socket file
      0                     // Additional options
   ))

Instead of specifying a path to the Unix socket there should be a way to specify the file descriptor name myfdname that was set in the systemd service unit:

OpenFile=/some/path:myfdname

I don't know how to best introduce OpenFile= support in the API,
but just as an example there could be a new function:

// Connect to the database
if (!mysql_real_connect_with_OpenFile(
      conn,                 // Connection
      "example.skysql.net", // Host
      "db_user",            // User account
      "db_user_password",   // User password
      "test",               // Default database
      "myfdname",           // OpenFile fdname
      0                     // Additional options
   ))

The file descriptor name is set by systemd in the environment variable LISTEN_FDNAMES (see https://www.freedesktop.org/software/systemd/man/sd_listen_fds.html).

A side-note: OpenFile= also supports opening normal files. If MariaDB Connector/C has a need to open files, such files could be passed to MariaDB Connector/C as file descriptors with OpenFile=
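
To illustrate the lookup this request depends on, here is an added example (not part of the original report and not MariaDB Connector/C code) that resolves a name such as myfdname to an inherited descriptor using the LISTEN_PID, LISTEN_FDS and LISTEN_FDNAMES variables documented in sd_listen_fds(3), then checks that the descriptor is a Unix socket. The function names find_named_fd and find_named_unix_socket and the 1024 upper bound are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define FD_START 3 /* first passed descriptor (SD_LISTEN_FDS_START) */

/* Return the inherited descriptor that systemd named `name`, or -1.
 * Reads the sd_listen_fds(3) environment variables directly. */
int find_named_fd(const char *name)
{
    const char *pid_s = getenv("LISTEN_PID");
    const char *cnt_s = getenv("LISTEN_FDS");
    const char *names = getenv("LISTEN_FDNAMES");
    char *end;
    if (!pid_s || !cnt_s || !names)
        return -1;
    /* Variables may leak from an ancestor: require LISTEN_PID == our pid. */
    long pid = strtol(pid_s, &end, 10);
    if (*end != '\0' || pid != (long)getpid())
        return -1;
    long count = strtol(cnt_s, &end, 10);
    if (*end != '\0' || count <= 0 || count > 1024) /* assumed sanity bound */
        return -1;
    /* Colon-separated list: entry i names descriptor FD_START + i. */
    size_t want = strlen(name);
    const char *p = names;
    for (long i = 0; i < count; i++) {
        size_t len = strcspn(p, ":");
        if (len == want && memcmp(p, name, len) == 0)
            return FD_START + (int)i;
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    return -1;
}

/* Accept the descriptor only if it is an AF_UNIX socket (rejects files, pipes). */
int find_named_unix_socket(const char *name)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    int fd = find_named_fd(name);
    if (fd < 0 || getsockname(fd, (struct sockaddr *)&ss, &len) != 0)
        return -1;
    return ss.ss_family == AF_UNIX ? fd : -1;
}
```

With OpenFile=/some/path:myfdname in the unit, find_named_unix_socket("myfdname") would return the already-connected descriptor, so the service user needs no permission on /some/path itself.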

