Commit 9494116

FIX Restrict socket permissions and manage ACLs if needed
1 parent ed6e82a commit 9494116

2 files changed

+5
-6
lines changed

docs/en/latest/how-it-works.md

Lines changed: 3 additions & 5 deletions
@@ -64,11 +64,7 @@ Note: If you see some error logs like
6464
phase_func(): failed to connect to the unix socket unix:/tmp/runner.sock: permission denied
6565
```
6666

67-
in the `error.log` of APISIX, you can change the permissions of this file for debug, execute commands like
68-
69-
```shell
70-
chmod 766 /tmp/runner.sock
71-
```
67+
in the `error.log` of APISIX, ensure the APISIX user is provided rights on the socket.
7268

7369
To get more detailed debugging information, you can modify the output level of the log.
7470
Configure the log level in `runner-starter/src/main/resources/application.yaml`, as below
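
Review bot: The replacement sentence at new line 67 removes the `chmod 766` workaround but leaves the reader nothing actionable: "ensure the APISIX user is provided rights on the socket" does not say which rights or how to grant them. Connecting to a unix socket needs write permission on the socket file, so state that, and name the supported ways to get it, for example running the runner as the same user as APISIX or granting that user an ACL entry on `/tmp/runner.sock`. The sentence also still starts mid-thought after the code fence ("in the `error.log` of APISIX, ..."); reword it as a full sentence while touching it.
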
@@ -118,3 +114,5 @@ then add the following configure in the `config.yaml` file of APISIX
118114
ext-plugin:
119115
cmd: ['java', '-jar', '-Xmx4g', '-Xms4g', '/path/to/apisix-runner-bin/apisix-java-plugin-runner.jar']
120116
```
117+
118+
If running on a different user grant extra management of the rights of the created socket is needed after starting the java-plugin-runner.
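
Review bot: The sentence added at new line 118 is hard to parse ("If running on a different user grant extra management of the rights ... is needed") and does not tell the operator what to do. Suggest wording along the lines of "If APISIX runs as a different user than the java-plugin-runner, grant that user access to the socket after the runner has started", followed by a concrete command. It should also say that the grant has to be repeated after every runner restart, because the socket is created again on start and reset to mode 700.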

runner-core/src/main/java/org/apache/apisix/plugin/runner/server/ApplicationRunner.java

Lines changed: 2 additions & 1 deletion
@@ -32,6 +32,7 @@
3232
import org.springframework.beans.factory.annotation.Value;
3333
import org.springframework.boot.CommandLineRunner;
3434
import org.springframework.stereotype.Component;
35+
3536
import com.google.common.cache.Cache;
3637
import io.netty.bootstrap.ServerBootstrap;
3738
import io.netty.channel.ChannelFuture;
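
Review bot: The blank line added at new line 35, between the `org.springframework` imports and `com.google.common.cache.Cache`, is a whitespace-only change unrelated to the permission fix. Drop it from this commit, or apply import grouping consistently in a separate one, so the security change stays easy to audit.
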
@@ -114,7 +115,7 @@ public void start(String path) throws Exception {
114115
try {
115116
initServerBootstrap(bootstrap);
116117
ChannelFuture future = bootstrap.bind(new DomainSocketAddress(path)).sync();
117-
Runtime.getRuntime().exec("chmod 777 " + socketFile);
118+
Runtime.getRuntime().exec("chmod 700 " + socketFile);
118119
logger.warn("java runner is listening on the socket file: {}", socketFile);
119120

120121
future.channel().closeFuture().sync();
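
Review bot: At new line 118 the mode is tightened only after `bootstrap.bind(...).sync()` has already created the socket, so the file exists for a short window with whatever permissions the process umask allows, and the `chmod` can fail without anyone noticing: the `Process` returned by `Runtime.getRuntime().exec(...)` is neither waited on nor checked, and the single-string form splits on whitespace, so a `socketFile` path containing a space is passed as several arguments. Prefer `Files.setPosixFilePermissions(Paths.get(socketFile), PosixFilePermissions.fromString("rwx------"))`, which throws on failure, and consider binding inside a directory that is already restricted to close the window. The bind uses `path` while the chmod uses `socketFile`; use one value for both. With mode 700 an APISIX worker running as another user will hit the "permission denied" error described in how-it-works.md, and although the commit title mentions managing ACLs, no ACL handling is added in this file.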
