Skip to content

Instantly share code, notes, and snippets.

@stbuehler
Created March 30, 2015 13:24
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save stbuehler/13dc462fd6343a14e7a0 to your computer and use it in GitHub Desktop.
Save stbuehler/13dc462fd6343a14e7a0 to your computer and use it in GitHub Desktop.
systemd to FastCGI socket passing compatibility script, with AppArmor profiles
#!/bin/bash
set -e
if [ "${LISTEN_PID}" != $$ ]; then
echo >&2 "file descriptors not for us, pid not matching: '${LISTEN_PID}' != '$$'"
exit 255
fi
if [ "${LISTEN_FDS}" != "1" ]; then
echo >&2 "Requires exactly one socket passed to fastcgi, got: '${LISTEN_FDS:-0}'"
exit 255
fi
unset LISTEN_FDS
# move socket from 3 to 0
exec 0<&3
exec 3<&-
read unit < <(exec systemd-unit-name.sh --system $$)
echo >&2 "Trying to start in AppArmor profile '${unit}'"
# spawn fastcgi backend
exec aa-exec -p "${unit}" -- "$@"
#!/bin/bash
set -e
pid=
type=
syntax() {
exec >&2
echo "syntax: $0 [--system] [pid]"
exit 127
}
while [ $# -gt 0 ]; do
case "$1" in
--system)
type=system
shift
;;
[0-9][0-9]*)
if [ -n "${pid}" ]; then
echo >&2 "already have a pid"
exit 127
fi
pid=$1
shift
;;
*)
syntax
;;
esac
done
if [ -z "${pid}" ]; then
pid=$$
fi
unit=$(awk 'BEGIN { FS = ":" }; $2 == "name=systemd" { print $3; }' "/proc/${pid}/cgroup" | head -n1)
if [ -z "${unit}" ]; then
echo >&2 "systemd unit name not found"
exit 127
fi
if [ "${type}" = "system" ]; then
if [ "${unit::14}" = "/system.slice/" ]; then
printf '%s\n' "${unit:14}"
else
echo >&2 "unit '${unit}' is not a system unit"
exit 127
fi
else
printf '%s\n' "${unit}"
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment