author | W. Kosior <koszko@koszko.org> | 2024-09-04 20:50:17 +0200 |
---|---|---|
committer | W. Kosior <koszko@koszko.org> | 2024-09-04 21:02:12 +0200 |
commit | 4aad2dedac15c2f3c9b427dc8a9ae2992e963a16 (patch) | |
tree | 411805075d209d8e3c21315128b8e9b70908d2eb /gnu | |
parent | da83e21c97b644f823b75ad92e1c51e82452abc9 (diff) | |
services: Allow specifying user and group for knot resolver.
Kresd used to start as root and create cache files with root ownership before
dropping privileges. This made unprivileged kres-cache-gc (in a separate
service) fail when trying to read them. The new default is to start both as
`knot-resolver', with configuration fields that allow overriding this default.
* gnu/services/dns.scm (<knot-resolver-configuration>)[user]: New field.
(<knot-resolver-configuration>)[group]: New field.
(knot-resolver-shepherd-services): Pass the user&group from config to forkexec
constructors.
Change-Id: Id06a8eca140fdca14995a03e910f521d5f4636e5
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/services/dns.scm | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index 043c34599c..34ad95eb65 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm @@ -651,7 +651,11 @@ name server for the @acronym{DNS, Domain Name System}."))) (kresd-config-file knot-resolver-kresd-config-file (default %kresd.conf)) (garbage-collection-interval knot-resolver-garbage-collection-interval - (default 1000))) + (default 1000)) + (user knot-resolver-configuration-user + (default "knot-resolver")) + (group knot-resolver-configuration-group + (default "knot-resolver"))) (define %kresd.conf (plain-file "kresd.conf" "-- -*- mode: lua -*- @@ -685,7 +689,8 @@ cache.size = 100 * MB (match-lambda (($ <knot-resolver-configuration> package kresd-config-file - garbage-collection-interval) + garbage-collection-interval + user group) (list (shepherd-service (provision '(kresd)) @@ -694,7 +699,9 @@ cache.size = 100 * MB (start #~(make-forkexec-constructor '(#$(file-append package "/sbin/kresd") "-c" #$kresd-config-file "-n" - "/var/cache/knot-resolver"))) + "/var/cache/knot-resolver") + #:user #$user + #:group #$group)) (stop #~(make-kill-destructor))) (shepherd-service (provision '(kres-cache-gc)) @@ -704,8 +711,8 @@ cache.size = 100 * MB '(#$(file-append package "/sbin/kres-cache-gc") "-d" #$(number->string garbage-collection-interval) "-c" "/var/cache/knot-resolver") - #:user "knot-resolver" - #:group "knot-resolver")) + #:user #$user + #:group #$group)) (stop #~(make-kill-destructor))))))) (define knot-resolver-service-type |
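Review bot: The new `user` and `group` fields of `<knot-resolver-configuration>` are consumed only by the two forkexec constructors, so a non-default value is not carried to anything else that names the account. The commit's 12 insertions are all visible here, and none touches account creation, the ownership of `/var/cache/knot-resolver`, or the privilege drop that the commit message says kresd performs itself. Overriding the default therefore presumably requires the administrator to create the account and fix the directory ownership by hand; this should be confirmed against the rest of dns.scm. Either thread the fields into those places too, or record the requirement next to the fields, e.g. `;; The account must already exist and own /var/cache/knot-resolver.` The accessors `knot-resolver-configuration-user` and `-group` also depart from the existing `knot-resolver-kresd-config-file` naming, which is worth settling before they are relied on.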
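Review bot: Binding a privileged port looks likely to fail now that the kresd constructor passes `#:user #$user` and `#:group #$group`, because the process has already given up root when it opens its listening sockets and nothing in this hunk grants it a bind capability. The listen addresses and ports live in `%kresd.conf`, which is mostly outside the visible lines, so this needs checking against the default configuration. If kresd is meant to serve port 53 it needs the capability supplied some other way; otherwise document the limit above the constructor, e.g. `;; kresd starts unprivileged: it cannot bind ports below 1024 without extra capabilities.` The same substitution in the kres-cache-gc hunk that follows only replaces the previously hard-coded strings and raises no equivalent concern.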