From 4dc756be4dfe5a9b74919e990a6d743678fb8c6b Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Sat, 7 Jul 2018 19:44:11 +0200
Subject: [PATCH] Error out if systemd sockets are used with the user_name
 option

---
 dnscrypt-proxy/systemd_linux.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/dnscrypt-proxy/systemd_linux.go b/dnscrypt-proxy/systemd_linux.go
index 652c70ae..e05758f8 100644
--- a/dnscrypt-proxy/systemd_linux.go
+++ b/dnscrypt-proxy/systemd_linux.go
@@ -11,6 +11,10 @@ import (
 func (proxy *Proxy) SystemDListeners() error {
 	files := activation.Files(true)
 
+	if len(files) > 0 && (len(proxy.userName) > 0 || proxy.child) {
+		dlog.Fatal("Systemd activated sockets are incompatible with privilege dropping. Remove activated sockets and fill `listen_addresses` in the dnscrypt-proxy configuration file instead.")
+	}
+
 	for i, file := range files {
 		if listener, err := net.FileListener(file); err == nil {
 			dlog.Noticef("Wiring systemd TCP socket #%d, %s, %s", i, file.Name(), listener.Addr())