Refine domain socket permission

XTLS · Feb 19, 2022 · b3ab94e · b3ab94e
1 parent b6f77e4
commit b3ab94e
Showing 1 changed file with 23 additions and 3 deletions.
diff --git a/transport/internet/system_listener.go b/transport/internet/system_listener.go
@@ -2,7 +2,10 @@ package internet
 
 import (
 	"context"
+	"os"
 	"runtime"
+	"strconv"
+	"strings"
 	"syscall"
 
 	"github.com/pires/go-proxyproto"
@@ -39,11 +42,10 @@ func getControlFunc(ctx context.Context, sockopt *SocketConfig, controllers []co
 	}
 }
 
-func (dl *DefaultListener) Listen(ctx context.Context, addr net.Addr, sockopt *SocketConfig) (net.Listener, error) {
+func (dl *DefaultListener) Listen(ctx context.Context, addr net.Addr, sockopt *SocketConfig) (l net.Listener, err error) {
 	var lc net.ListenConfig
-	var l net.Listener
-	var err error
 	var network, address string
+
 	switch addr := addr.(type) {
 	case *net.TCPAddr:
 		network = addr.Network()
@@ -53,6 +55,24 @@ func (dl *DefaultListener) Listen(ctx context.Context, addr net.Addr, sockopt *S
 		lc.Control = nil
 		network = addr.Network()
 		address = addr.Name
+
+		if s := strings.Split(address, ","); len(s) == 2 {
+			address = s[0]
+			perm, perr := strconv.ParseUint(s[1], 8, 32)
+			if perr != nil {
+				return nil, newError("failed to parse permission: " + s[1]).Base(perr)
+			}
+
+			defer func(file string, permission os.FileMode) {
+				if err == nil {
+					cerr := os.Chmod(address, permission)
+					if cerr != nil {
+						err = newError("failed to set permission for " + file).Base(cerr)
+					}
+				}
+			}(address, os.FileMode(perm))
+		}
+
 		if (runtime.GOOS == "linux" || runtime.GOOS == "android") && address[0] == '@' {
 			// linux abstract unix domain socket is lockfree
 			if len(address) > 1 && address[1] == '@' {