Add file mode to Pipe listeners #5808
Comments
Sounds reasonable to me.
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.
This sounds like a great idea and we need it (running envoy as user envoy on a non-dockerized load)
This would be really useful to have. Or some implementation of being able to configure user/group and mode on the unix sockets. Similar to how haproxy would do it, etc. There have also been multiple tickets for this so I didn't want to open another, but it's a shame that these are being auto closed for being stale. :( So I'm adding a louder +1 here mostly in hopes of this getting re-opened. @alyssawilk maybe? Since you're in the OWNERS.md for listeners? :)
Reopening and marking help wanted.
Thanks @mattklein123. <3
I can pick this up
Signed-off-by: Akhil Thampy <[email protected]>
Title: Add file mode to Pipe listeners

Description:
Envoy can be configured with Unix domain socket listeners via the Pipe Address type. By default, these sockets are created such that only the file owner can read and write to them, and the typical umask of 0022 prevents access from group or world. We have a use case where we'd like to grant fine-grain access to individual Pipe listeners (either via group- or world-permissive configurations).

It'd be nice if Pipes could be configured individually for what mode permissions they should be created with. This would allow users to have fine-grain permissions per-listener, rather than working around it with a broad umask change.
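The behaviour the description refers to, as an added example that is not part of the original issue or Envoy's code: a Unix domain socket bound under umask 0022 gets no group or world write bit (which Linux requires for connect()), and a chmod on that one socket after bind() grants access to a single listener without changing the process-wide umask. The function names and socket file names are hypothetical.

```python
import os
import socket
import stat
import tempfile


def bind_pipe(path, mode=None):
    """Bind a Unix domain socket at `path` (hypothetical helper).

    If `mode` is given it is applied to this socket only, after bind().
    Returns (listening socket, resulting permission bits).
    """
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        # bind() creates the socket file with mode 0777 & ~umask.
        sock.bind(path)
        if mode is not None:
            # Per-listener mode. chmod() is not filtered by the umask, and
            # the process-wide umask stays as it was for every other file.
            os.chmod(path, mode)
        sock.listen(1)
    except OSError:
        sock.close()
        raise
    return sock, stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Bind three sockets under umask 0022 and report their modes."""
    old = os.umask(0o022)  # the typical umask named in the issue
    try:
        with tempfile.TemporaryDirectory() as d:
            results = {}
            # Constructed sample listeners: default, group-only, world.
            for name, mode in (("default", None),
                               ("group", 0o660),
                               ("world", 0o666)):
                sock, got = bind_pipe(os.path.join(d, name + ".sock"), mode)
                sock.close()
                results[name] = got
            return results
    finally:
        os.umask(old)  # restore the caller's umask


if __name__ == "__main__":
    for name, got in demo().items():
        # On Linux, connect() needs write permission on the socket file.
        print(f"{name:8} {got:04o}")
```

Between bind() and chmod() the socket briefly carries the umask-derived mode, so a mode tighter than the umask allows is best combined with a restricted parent directory.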