Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add file mode to Pipe listeners #5808

Closed
franklin-stripe opened this issue Feb 1, 2019 · 8 comments · Fixed by #8423
Closed

Add file mode to Pipe listeners #5808

franklin-stripe opened this issue Feb 1, 2019 · 8 comments · Fixed by #8423
Labels
enhancement Feature requests. Not bugs or questions. help wanted Needs help!
Milestone

Comments

@franklin-stripe
Copy link

Title: Add file mode to Pipe listeners

Description:
Envoy can be configured with Unix domain socket listeners via the Pipe Address type. By default, these sockets are created such that only the file owner can read and write to them, and the typical umask of 0022 prevent access from group or world. We have a use case where we'd like to grant fine-grain access to individual Pipe listeners (either via group- or world-permissive configurations)

It'd be nice if Pipes could be configured individually for what mode permissions they should be created with. This would allow users to have fine-grain permissions per-listener, rather than working around it with a broad umask change.

@mattklein123 mattklein123 added the enhancement Feature requests. Not bugs or questions. label Feb 1, 2019
@mattklein123
Copy link
Member

Sounds reasonable to me.

@stale
Copy link

stale bot commented Mar 3, 2019

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

@stale stale bot added the stale stalebot believes this issue/PR has not been touched recently label Mar 3, 2019
@stale
Copy link

stale bot commented Mar 10, 2019

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.

@stale stale bot closed this as completed Mar 10, 2019
@madeddie
Copy link

This sounds like a great idea and we need it (running envoy as user envoy on a non-dockerized load)

@mattrobenolt
Copy link

This would be really useful to have. Or some implementation of being able to configure user/group and mode on the unix sockets. Similar to how haproxy would do it, etc.

There have also been multiple tickets for this so I didn't want to open another, but it's a shame that these are being auto closed for being stale. :( So I'm adding a louder +1 here mostly in hopes of this getting re-opened.

@alyssawilk maybe? Since you're in the OWNERS.md for listeners? :)

@mattklein123
Copy link
Member

Reopening and marking help wanted.

@mattklein123 mattklein123 reopened this Jun 20, 2019
@stale stale bot removed the stale stalebot believes this issue/PR has not been touched recently label Jun 20, 2019
@mattklein123 mattklein123 added the help wanted Needs help! label Jun 20, 2019
@mattrobenolt
Copy link

Thanks @mattklein123. <3

@athampy
Copy link
Member

athampy commented Sep 28, 2019

I can pick this up

athampy added a commit to athampy/envoy that referenced this issue Oct 3, 2019
athampy added a commit to athampy/envoy that referenced this issue Oct 3, 2019
athampy added a commit to athampy/envoy that referenced this issue Oct 3, 2019
athampy added a commit to athampy/envoy that referenced this issue Oct 3, 2019
athampy added a commit to athampy/envoy that referenced this issue Nov 25, 2019
athampy added a commit to athampy/envoy that referenced this issue Dec 11, 2019
@mattklein123 mattklein123 added this to the 1.13.0 milestone Dec 13, 2019
athampy added a commit to athampy/envoy that referenced this issue Dec 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Feature requests. Not bugs or questions. help wanted Needs help!
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants