fix: Listening on abstract domain sockets (#7020)

When passed a socket name that starts with @, go will listen on an abstract unix domain socket. Forgejo breaks this by assuming the socket name is a file path and normalizing it to an absolute path. This small commit prevents treating the socket name as a filesystem path if it starts with @. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7020 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mewp <codeberg.org@mewp.pl> Co-committed-by: Mewp <codeberg.org@mewp.pl>
2025-03-09 16:06:52 +00:00 · 2025-03-09 16:06:52 +00:00 · 377052c90c
parent 584c504e25
commit 377052c90c
4 changed files with 35 additions and 4 deletions
--- a/modules/graceful/net_unix.go
+++ b/modules/graceful/net_unix.go
@ -9,6 +9,7 @@ import (
 	"fmt"
 	"net"
 	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
@ -235,9 +236,11 @@ func GetListenerUnix(network string, address *net.UnixAddr) (*net.UnixListener,
 		return nil, err
 	}

-	fileMode := os.FileMode(setting.UnixSocketPermission)
-	if err = os.Chmod(address.Name, fileMode); err != nil {
-		return nil, fmt.Errorf("Failed to set permission of unix socket to %s: %w", fileMode.String(), err)
+	if filepath.IsAbs(address.Name) {
+		fileMode := os.FileMode(setting.UnixSocketPermission)
+		if err = os.Chmod(address.Name, fileMode); err != nil {
+			return nil, fmt.Errorf("Failed to set permission of unix socket to %s: %w", fileMode.String(), err)
+		}
 	}

 	activeListeners = append(activeListeners, l)
--- a/modules/graceful/net_unix_linux_test.go
+++ b/modules/graceful/net_unix_linux_test.go
@ -0,0 +1,15 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package graceful
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestAbstractUnixSocket(t *testing.T) {
+	_, err := DefaultGetListener("unix", "@abc")
+	require.NoError(t, err)
+}
--- a/modules/setting/server.go
+++ b/modules/setting/server.go
@ -265,7 +265,7 @@ func loadServerFrom(rootCfg ConfigProvider) {
 		}

 		UnixSocketPermission = uint32(UnixSocketPermissionParsed)
-		if !filepath.IsAbs(HTTPAddr) {
+		if HTTPAddr[0] != '@' && !filepath.IsAbs(HTTPAddr) {
 			HTTPAddr = filepath.Join(AppWorkPath, HTTPAddr)
 		}
 	}
--- a/modules/setting/server_test.go
+++ b/modules/setting/server_test.go
@ -73,3 +73,16 @@ MAX_USER_REDIRECTS = 8`
 	assert.EqualValues(t, 3, Service.UsernameCooldownPeriod)
 	assert.EqualValues(t, 8, Service.MaxUserRedirects)
 }
+
+func TestUnixSocketAbstractNamespace(t *testing.T) {
+	iniStr := `
+	[server]
+	PROTOCOL=http+unix
+	HTTP_ADDR=@forgejo
+	`
+	cfg, err := NewConfigProviderFromData(iniStr)
+	require.NoError(t, err)
+	loadServerFrom(cfg)
+
+	assert.EqualValues(t, "@forgejo", HTTPAddr)
+}