author | W. Kosior <koszko@koszko.org> | 2024-09-04 20:50:17 +0200 |
---|---|---|
committer | W. Kosior <koszko@koszko.org> | 2025-05-26 14:07:28 +0200 |
commit | f73d53f17beeabb5b327e7735cae79a0cd2216ff (patch) | |
tree | 86a6595c0b5e2c6d13183f886276a013a920f324 | |
parent | 80bfa3a4ccfa97d6f5cd961b661ac0d648e7fc7e (diff) | |
services: Allow specifying user and group for knot resolver.
Kresd used to start as root and create cache files with root ownership before
dropping privileges. This made unprivileged kres-cache-gc (in a separate
service) fail when trying to read them. The new default is to start both as
`knot-resolver', with configuration fields that allow overriding this default.
* gnu/services/dns.scm (<knot-resolver-configuration>)[user]: New field.
(<knot-resolver-configuration>)[group]: New field.
(knot-resolver-shepherd-services): Pass the user&group from config to forkexec
constructors.
Change-Id: Id06a8eca140fdca14995a03e910f521d5f4636e5
-rw-r--r-- | gnu/services/dns.scm | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index 9a9b78d877..c6e5b14979 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm @@ -695,7 +695,11 @@ name server for the @acronym{DNS, Domain Name System}."))) (kresd-config-file knot-resolver-kresd-config-file (default %kresd.conf)) (garbage-collection-interval knot-resolver-garbage-collection-interval - (default 1000))) + (default 1000)) + (user knot-resolver-configuration-user + (default "knot-resolver")) + (group knot-resolver-configuration-group + (default "knot-resolver"))) (define %kresd.conf (plain-file "kresd.conf" "-- -*- mode: lua -*- @@ -729,7 +733,8 @@ cache.size = 100 * MB (match-lambda (($ <knot-resolver-configuration> package kresd-config-file - garbage-collection-interval) + garbage-collection-interval + user group) (list (shepherd-service (provision '(kresd)) @@ -738,7 +743,9 @@ cache.size = 100 * MB (start #~(make-forkexec-constructor '(#$(file-append package "/sbin/kresd") "-c" #$kresd-config-file "-n" - "/var/cache/knot-resolver"))) + "/var/cache/knot-resolver") + #:user #$user + #:group #$group)) (stop #~(make-kill-destructor))) (shepherd-service (provision '(kres-cache-gc)) @@ -748,8 +755,8 @@ cache.size = 100 * MB '(#$(file-append package "/sbin/kres-cache-gc") "-d" #$(number->string garbage-collection-interval) "-c" "/var/cache/knot-resolver") - #:user "knot-resolver" - #:group "knot-resolver")) + #:user #$user + #:group #$group)) (stop #~(make-kill-destructor))))))) (define knot-resolver-service-type |
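Review bot: The new `user` and `group` fields of `<knot-resolver-configuration>` are wired only into the two shepherd services in this patch, so an override works only if that account already exists and owns `/var/cache/knot-resolver`. The service's account and activation definitions lie outside these hunks; if they still hard-code `knot-resolver`, a non-default value would start both daemons against a cache directory they cannot write. I would state the requirement on the fields, e.g. `;; Account kresd and kres-cache-gc run as; it must exist and own /var/cache/knot-resolver.` The diffstat touches only `gnu/services/dns.scm`, so the manual presumably still lacks entries for the two fields.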
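Review bot: With `#:user #$user` and `#:group #$group` on the kresd constructor, kresd never holds root, so everything it used to do before dropping privileges now runs unprivileged. The listen settings of `%kresd.conf` are not visible in this hunk; if it binds port 53, that bind presumably needs a capability or sysctl setting that this constructor call does not grant. A privilege-drop call left in a custom `kresd-config-file` would likewise no longer start from root. Upgraded systems may also still hold the root-owned cache files the commit message describes, which the unprivileged kresd likely cannot open unless activation re-owns the directory contents. A comment above the `(start ...)` form would record the constraint: `;; kresd starts unprivileged: it cannot bind ports below 1024 without extra privileges and needs a cache directory it owns.`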