Created
March 30, 2015 13:24
-
-
Save stbuehler/13dc462fd6343a14e7a0 to your computer and use it in GitHub Desktop.
systemd to FastCGI socket passing compatibility script, with AppArmor profiles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -e | |
if [ "${LISTEN_PID}" != $$ ]; then | |
echo >&2 "file descriptors not for us, pid not matching: '${LISTEN_PID}' != '$$'" | |
exit 255 | |
fi | |
if [ "${LISTEN_FDS}" != "1" ]; then | |
echo >&2 "Requires exactly one socket passed to fastcgi, got: '${LISTEN_FDS:-0}'" | |
exit 255 | |
fi | |
unset LISTEN_FDS | |
# move socket from 3 to 0 | |
exec 0<&3 | |
exec 3<&- | |
read unit < <(exec systemd-unit-name.sh --system $$) | |
echo >&2 "Trying to start in AppArmor profile '${unit}'" | |
# spawn fastcgi backend | |
exec aa-exec -p "${unit}" -- "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -e | |
pid= | |
type= | |
syntax() { | |
exec >&2 | |
echo "syntax: $0 [--system] [pid]" | |
exit 127 | |
} | |
while [ $# -gt 0 ]; do | |
case "$1" in | |
--system) | |
type=system | |
shift | |
;; | |
[0-9][0-9]*) | |
if [ -n "${pid}" ]; then | |
echo >&2 "already have a pid" | |
exit 127 | |
fi | |
pid=$1 | |
shift | |
;; | |
*) | |
syntax | |
;; | |
esac | |
done | |
if [ -z "${pid}" ]; then | |
pid=$$ | |
fi | |
unit=$(awk 'BEGIN { FS = ":" }; $2 == "name=systemd" { print $3; }' "/proc/${pid}/cgroup" | head -n1) | |
if [ -z "${unit}" ]; then | |
echo >&2 "systemd unit name not found" | |
exit 127 | |
fi | |
if [ "${type}" = "system" ]; then | |
if [ "${unit::14}" = "/system.slice/" ]; then | |
printf '%s\n' "${unit:14}" | |
else | |
echo >&2 "unit '${unit}' is not a system unit" | |
exit 127 | |
fi | |
else | |
printf '%s\n' "${unit}" | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment