On Tuesday, 15 September 2020 19:37:41 BST Glyph wrote: > > On Sep 15, 2020, at 10:05 AM, Barry Scott <barry.sc...@forcepoint.com> > > wrote: > > > > We do this so that we can open priv'ed ports that the children will share. > > We drop priv's after the priv'ed ports are opened. > > A better way to do this might be to use something like the systemd activation > endpoint, so you never need privileges in your code in the first place: > > https://twistedmatrix.com/documents/current/core/howto/systemd.html#socket-activation > > <https://twistedmatrix.com/documents/current/core/howto/systemd.html#socket-activation>
Yep, but at the moment I'm on Centos 6 (no systemd) porting to Centos 8 at the moment. I'm not sure socket activation is the way forward, but there are a lot of other tricks in systemd that should help. Also there is the idea to pass the prived FD's over sockets into the non priv'ed code etc. Barry _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
