Modify socket path #192
Modify socket path #192
Conversation
| Type=notify | ||
| NonBlocking=true | ||
| Environment=RUST_LOG=info | ||
| WorkingDirectory=/home/parsec/ |
There was a problem hiding this comment.
Should we depend on existence of "parsec" user account and its home? What's the reason?
In the Yocto layer, for example, I install parsec binary into ${bindir}/parsec (although we might want to install it into ${sbindir}) and parsec config into /etc/parsec/config.toml
There was a problem hiding this comment.
Should we depend on existence of "parsec" user account and its home? What's the reason?
This PR is a draft depending on if we accept the secure deployment guidelines described in parallaxsecond/parsec-book#41
The existence of the parsec user and its home is an easy way to ensure that the above guidelines are respected while installing Parsec as an user systemd service. The systemd files can still be customised by the knowledgable admin during deployment to make it suit better to the target environment.
fcad737 to
7649ecb
Compare
Following the secure deployment guide, modify the socket path to /tmp/parsec/parsec.sock Removes socket activation from the systemd unit files. Modifies the permission of the created socket so that all users who can access the /tmp/parsec folder can use it. Adds back the `Cargo.lock` file which was removed. Signed-off-by: Hugues de Valon <hugues.devalon@arm.com>
Following the secure deployment guide, modify the socket path to
/tmp/parsec/parsec.sock
Removes socket activation from the systemd unit files. Modifies the
permission of the created socket so that all users who can access the
/tmp/parsec folder can use it.
Adds back the
Cargo.lockfile which was removed.Signed-off-by: Hugues de Valon hugues.devalon@arm.com