From 6cb43f8e4dd66dc681e2d5c42d746b8c608d7ac4 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 7 Jul 2018 15:21:21 +0000 Subject: [PATCH] Of course, dropping privileges breaks with systemd sockets --- dnscrypt-proxy/example-dnscrypt-proxy.toml | 4 +++- dnscrypt-proxy/privilege_others.go | 2 ++ dnscrypt-proxy/proxy.go | 4 +++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml index 557e3b93..1f8c6944 100644 --- a/dnscrypt-proxy/example-dnscrypt-proxy.toml +++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml @@ -46,7 +46,9 @@ max_clients = 250 ## The first one will keep root privileges, but is only a supervisor, that does nothing ## except create the sockets, manage the service, and restart it if it crashes. ## The second process is the service itself, and that one will always run as a different -## user. Note: this feature is currently unsupported on Windows. +## user. +## Note (1): this feature is currently unsupported on Windows. +## Note (2): this feature is not compatible with systemd socket activation. # username = 'nobody' diff --git a/dnscrypt-proxy/privilege_others.go b/dnscrypt-proxy/privilege_others.go index 1df03f97..9779de5f 100644 --- a/dnscrypt-proxy/privilege_others.go +++ b/dnscrypt-proxy/privilege_others.go @@ -38,6 +38,8 @@ func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) { dlog.Fatal(err) } + SystemDNotify() + args = args[1:] args = append(args, "-child") diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go index 4f49fe6c..86e3bb16 100644 --- a/dnscrypt-proxy/proxy.go +++ b/dnscrypt-proxy/proxy.go @@ -153,7 +153,9 @@ func (proxy *Proxy) StartProxy() { liveServers, err := proxy.serversInfo.refresh(proxy) if liveServers > 0 { dlog.Noticef("dnscrypt-proxy is ready - live servers: %d", liveServers) - SystemDNotify() + if !proxy.child { + SystemDNotify() + } } else if err != nil { dlog.Error(err) dlog.Notice("dnscrypt-proxy is waiting for at least one server to be reachable")