Package: dkimpy-milter
Severity: wishlist
Version: 1.0.0-1

When running dkimpy-milter on a system that runs systemd, it would be
great to have it be socket-activated.

This would allow dkimpy-milter to avoid needing to drop privileges
(because systemd could start the daemon with privileges already dropped)
and writing a pidfile (no need for a pidfile since systemd already
controls the cgroup), and would also ensure that no other process is
listening on the socket(s) in question, because the system manager could
open the socket(s) as pid 1 and ensure its appropriate delegation.

We could also use systemd .socket unit FileDescriptorName= fields to
identify whether a certain file descriptor is intended to be a signing
milter or a verification milter (see sd_listen_fds(3)), if the preferred
configuration option is different sockets for different functionality.

If you want help in making this happen, i'm happy to offer patches.

          --dkg

Attachment: signature.asc
Description: PGP signature

Reply via email to