calibre

Don't call listen() for systemd-allocated sockets

Bug #2039395 reported by Roshan Shariff on 2023-10-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	calibre	Fix Released	Undecided	Unassigned

Bug Description

I'm running calibre-server using systemd socket activation on Linux. For security reasons, it is running inside a container restricted with SELinux.

In the function ServerLoop.serve() in calibre/srv/loop.py, the listen() function is called on the socket, regardless of whether it is a pre-allocated socket or not. However, when the socket is passed by systemd, you only need to call accept() on it, not bind() or listen() (see the code example in [1]).

I think the code should be changed so that both bind() and listen() are skipped for pre-allocated sockets, not just bind() as is done currently.

[1] https://0pointer.de/blog/projects/socket-activation.html

Revision history for this message

Roshan Shariff (roshan.shariff) wrote on 2023-10-16:

I've opened a pull request that fixes this issue: https://github.com/kovidgoyal/calibre/pull/2069.

Revision history for this message

Kovid Goyal (kovid) wrote on 2023-10-16:

We can track this on the PR

Changed in calibre:
status:	New → Invalid

Revision history for this message

Kovid Goyal (kovid) wrote on 2023-10-16:

Fixed in branch master. The fix will be in the next release. calibre is usually released every alternate Friday.

Changed in calibre:
status:	Invalid → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.