From ebfd0ba17e0d4b220725018d16e294e8e22a1745 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Thu, 15 Jan 2015 20:51:39 +0000 Subject: Move Unix domain socket and access control stuff to s6. Move seekablepipe to s6-portable-utils. Version: 2.0.1.0, release candidate --- doc/s6-ipcserver-access.html | 172 ------------------------------------------- 1 file changed, 172 deletions(-) delete mode 100644 doc/s6-ipcserver-access.html (limited to 'doc/s6-ipcserver-access.html') diff --git a/doc/s6-ipcserver-access.html b/doc/s6-ipcserver-access.html deleted file mode 100644 index 515138c..0000000 --- a/doc/s6-ipcserver-access.html +++ /dev/null @@ -1,172 +0,0 @@ - - - - - s6-networking: the s6-ipcserver-access program - - - - - - -

-s6-networking
-Software
-skarnet.org -

- -

The s6-ipcserver-access program

- -

-s6-ipcserver-access is a command-line access -control tool for Unix domain sockets on systems where the -getpeereid() system call can be implemented. -It is meant to be run after -s6-ipcserverd and before -the application program on the s6-ipcserver command line. -

- -

Interface

- -
-     s6-ipcserver-access [ -v verbosity ] [ -E | -e ] [ -l localname ] [ -i rulesdir | -x rulesfile ] prog...
-
- - - -

Environment variables

- -

-s6-ipcserver-access expects to inherit some environment variables from -its parent: -

- - - -

- Additionally, it exports the following variables before executing into -prog...: -

- - - -

- Also, the access rules database can instruct s6-ipcserver-access to set -up, or unset, more environment variables, depending on the client address. -

- -

Options

- - - -

Access rule checking

- -

- s6-ipcserver-access checks its client connection against -a ruleset. This ruleset can be implemented: -

- - - -

- The exact format of the ruleset is described on the -s6-accessrules-cdb-from-fs page. -

- -

-s6-ipcserver-access first reads the client UID uid and -GID gid from the -${PROTO}REMOTEEUID and ${PROTO}REMOTEEGID environment variables, and checks -them with the -s6net_accessrules_keycheck_uidgid() -function. In other words, it tries to match: - -

- -

- in that order. If no S6NET_ACCESSRULES_ALLOW result can be obtained, -the connection is denied. -

- -

Environment and executable modifications

- -

- s6-ipcserver-access interprets non-empty env subdirectories -and exec files -it finds in the first matching rule of the ruleset, as explained -in the s6-accessrules-cdb-from-fs -page. -

- - - - - -- cgit v1.3.1