ws: connect to cockpit-session via socket

Unless it's otherwise specified in the configuration file, we now spawn cockpit-session by connecting to /run/cockpit/session. We leave the cockpit_ws_session_program variable in place to allow the tests to override things. Update the unit files for cockpit-ws to ensure that the socket is available when cockpit-ws is running.
cockpit-project · Jan 11, 2022 · 4768a60 · 4768a60
1 parent 15ae6dc
commit 4768a60
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 5 deletions.
diff --git a/selinux/cockpit.te b/selinux/cockpit.te
@@ -49,9 +49,6 @@ can_exec(cockpit_ws_t,cockpit_ws_exec_t)
 # systemd can execute cockpit-session
 can_exec(init_t,cockpit_session_exec_t)
 
-# cockpit-ws can execute cockpit-session
-can_exec(cockpit_ws_t,cockpit_session_exec_t)
-
 # cockpit-ws can read from /dev/urandom
 dev_read_urand(cockpit_ws_t) # for authkey
 dev_read_rand(cockpit_ws_t)  # for libssh

diff --git a/src/systemd/cockpit-wsinstance-http.service.in b/src/systemd/cockpit-wsinstance-http.service.in
@@ -2,6 +2,8 @@
 Description=Cockpit Web Service http instance
 BindsTo=cockpit.service
 Documentation=man:cockpit-ws(8)
+Requires=cockpit-session.socket
+After=cockpit-session.socket
 
 [Service]
 ExecStart=@libexecdir@/cockpit-ws --no-tls --port=0

diff --git a/src/systemd/[email protected] b/src/systemd/[email protected]
@@ -2,6 +2,8 @@
 Description=Cockpit Web Service https instance %I
 BindsTo=cockpit.service
 Documentation=man:cockpit-ws(8)
+Requires=cockpit-session.socket
+After=cockpit-session.socket
 
 [Service]
 Slice=system-cockpithttps.slice

diff --git a/src/ws/cockpitauth.c b/src/ws/cockpitauth.c
@@ -50,7 +50,7 @@
 #define LOCAL_SESSION "local-session"
 
 /* Some tunables that can be set from tests */
-const gchar *cockpit_ws_session_program = LIBEXECDIR "/cockpit-session";
+const gchar *cockpit_ws_session_program = NULL;
 const gchar *cockpit_ws_ssh_program = LIBEXECDIR "/cockpit-ssh";
 
 /* Timeout of authenticated session when no connections */
@@ -1137,7 +1137,12 @@ cockpit_session_launch (CockpitAuth *self,
            g_str_equal (type, "tls-cert"))
     {
       if (command == NULL && connect_to == NULL)
-        command = cockpit_ws_session_program;
+        {
+          if (cockpit_ws_session_program)
+            command = cockpit_ws_session_program;
+          else
+            connect_to = "/run/cockpit/session";
+        }
     }
 
   g_autoptr(CockpitPipe) pipe = NULL;