From: Joshua Branson via Guix-patches
To: 39136@debbugs.gnu.org
Subject: [bug#39136] My endlessh patch series
Date: Tue, 16 Mar 2021 11:32:21 -0400
Message-Id: <87a6r39ksa.fsf@dismail.de>

So I've been working on this endlessh service for a while. I believe it
could be better, but a perfectionist can only do one thing perfectly:
nothing. So I've submitted the above patch series. Let me know if it
needs more work.

At the moment, I believe that endlessh runs as root. It would be nice to
let it run as user nobody or something like that. The endlessh systemd
file provides an example of how to do that:

https://github.com/skeeto/endlessh/blob/master/util/endlessh.service

    ## If you want Endlessh to bind on ports < 1024
    ## 1) run:
    ##     setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
    ## 2) uncomment following line
    #AmbientCapabilities=CAP_NET_BIND_SERVICE
    ## 3) comment following line
    PrivateUsers=true

Though setcap 'cap_net_bind_service=+ep' is Linux-specific. And I'm not
certain if Guix has a method for running setcap on items in the store.

Those are just some relevant thoughts for improving the service!

Thanks!
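
An added example, not part of the original message and not endlessh or Guix code: a check over the text of /proc/<pid>/status that reports whether a daemon runs as root or holds capabilities beyond cap_net_bind_service. The sample status texts are constructed, and the function names are hypothetical.

```python
# Added example: audit a daemon's privileges from /proc/<pid>/status text (Linux).
CAP_NET_BIND_SERVICE = 10  # bit index defined in <linux/capability.h>

# Constructed samples, not captured from a real system.
SAMPLE_ROOT = (
    "Name:\tendlessh\n"
    "Uid:\t0\t0\t0\t0\n"
    "CapPrm:\t000001ffffffffff\n"
    "CapEff:\t000001ffffffffff\n"
)
SAMPLE_HARDENED = (
    "Name:\tendlessh\n"
    "Uid:\t65534\t65534\t65534\t65534\n"
    "CapPrm:\t0000000000000400\n"
    "CapEff:\t0000000000000400\n"
)


def parse_status(text):
    """Split 'Key:<tab>value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit(text):
    """Return a list of findings; an empty list means least privilege holds."""
    fields = parse_status(text)
    euid = int(fields["Uid"].split()[1])  # order: real, effective, saved, fs
    effective = int(fields["CapEff"], 16)
    permitted = int(fields["CapPrm"], 16)
    wanted = 1 << CAP_NET_BIND_SERVICE
    findings = []
    if euid == 0:
        findings.append("runs as root")
    extra = (effective | permitted) & ~wanted
    if extra:
        findings.append("holds extra capabilities: 0x%x" % extra)
    if euid != 0 and not effective & wanted:
        findings.append("cannot bind ports < 1024")
    return findings


if __name__ == "__main__":
    for name, sample in (("root", SAMPLE_ROOT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(sample) or "ok")
```

On a live Linux system the same function can be fed the contents of /proc/<pid>/status for the running daemon.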