This PR add support for systemd socket activation and adds example (reasonably secure) systemd unit files, and docs.
This create a minimal footprint deployment, in a traditional (non-containerised) settings, whilst using the features of systemd to enhance security by configuring numerous sandboxing options.
Socket activation allows systemd to bind a socket listener to a privileged port (e.g. port 80) and pass it to the speedtest binary (using an inherited file descriptor), which allows further security restrictions to be placed on speedtest in some configurations (speedtest can be restricted from e.g. opening other outbound sockets in configs which don't require connecting to external databases).
maddie
commented
2 years ago
This PR add support for systemd socket activation and adds example (reasonably secure) systemd unit files, and docs.
This create a minimal footprint deployment, in a traditional (non-containerised) settings, whilst using the features of systemd to enhance security by configuring numerous sandboxing options.
Socket activation allows systemd to bind a socket listener to a privileged port (e.g. port 80) and pass it to the speedtest binary (using an inherited file descriptor), which allows further security restrictions to be placed on speedtest in some configurations (speedtest can be restricted from e.g. opening other outbound sockets in configs which don't require connecting to external databases).