Listen on Unix Domain Socket passed via FD

[septatrix]

Description

Some process managers, most importantly systemd, support passing an opened socket as a file descriptor to services which they can inherit and listen on. This allows the process to run without superuser privileges or the CAP_NET_BIND_SERVICE capability while still being able to listen on ports < 1024. Another advantage is that this allows the service manager to create the socket and start listening without starting the service directly. This can be advantageous for ad-hoc services (like SSH) where the server must not always run saving more resources.

Traditionally (x)inetd has supported something quite similar though that was limited to spawning a new process instance for each incoming connection and connecting the stream to stdin/stdout of the process. The systemd variant simply passes a socket (usually TCP/IP but supports others) as a FD upon which the process can call accept as usual

Implementation ideas

Quarkus needs to be able to construct a server accepting connections on a Server socket constructed from a file descriptior. Ideally this gets auto-detected when $LISTEN_FDS is set but a manual variant would already be a great improvement.

For inetd style socket passing this should be possible using System.inheritedChannel, however, that channel is directly bound to a client and a new process would need to be started for each connection. It is more desirable to create a ServerSocket/ServerChannel which would allow accepting incoming connections as usual.

[geoand]

@franz1981 do you know if Netty has this capability?

[franz1981]

Nope, I have to investigate

[septatrix]

AFAIK it does not but is open to add it: https://github.com/netty/netty/issues/14111

I would also be willing to help with this effort, however, I have no experience with lower level Java or the netty or quarkus codebase so I would need some pointers where to start

[franz1981]

I can help in that @septatrix ; I'm one of the Netty committer, so let's sync there ;)