Re: passing additional FDs to service

[Lennart Poettering <lennart@xxxxxxxxxxxxxx>]

On Fr, 05.07.24 16:19, Andrea Pappacoda (andrea@xxxxxxxxxxxx) wrote:

> Hi all!
>
> I'm writing a small FastCGI daemon which, in addition to the socket used
> to talk FastCGI to the web server, talks SMTP through another (inet)
> socket (as an SMTP client).
>
> The FastCGI socket is created by systemd with a .socket unit and passed
> to the service as an fd (which also enables socket activation), while
> the SMTP socket is opened and managed by the daemon itself.
>
> What I'm asking here is if there's a way to also pass the SMTP socket as
> a file descriptor to the daemon from systemd, so that the daemon doesn't
> need to manage sockets itself (as all it does is reading fds passed by
> the service manager) and can be further restricted with options like
> PrivateNetwork=yes.

Did I get this right, you want that systemd creates an outgoing socket
for you, that connects to some IP service for you, and hands it in
pre-connected? How is that supposed to work given the IP is generally
unreliable, i.e. when you connect to some IP service it might fail,
and you might need to retry, but the socket systemd passed in to you
cannot be reused once if failed.

That said, there's actually a TODO list item to add something like this, but
mostly with AF_UNIX (i.e. reliable) sockets in mind. And maybe this
could be used for per-connection service instance (following the logic
that it's OK if we let the whole incoming conection and its service
instance fail if the onwards connetion fails).

Lennart

--
Lennart Poettering, Berlin