From 1ba1d98bb10e2570cb5f20479fec931152cea42b Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Mon, 27 Apr 2020 09:26:33 -0400 Subject: [PATCH 1/8] update docs for unix sockets --- filebeat/docs/inputs/input-syslog.asciidoc | 2 ++ filebeat/docs/inputs/input-unix.asciidoc | 35 ++++++++++++++++++++++ filebeat/input/syslog/config.go | 3 ++ filebeat/input/unix/input.go | 2 ++ 4 files changed, 42 insertions(+) create mode 100644 filebeat/docs/inputs/input-unix.asciidoc diff --git a/filebeat/docs/inputs/input-syslog.asciidoc b/filebeat/docs/inputs/input-syslog.asciidoc index 0c360a03f7f..f9a24c04b81 100644 --- a/filebeat/docs/inputs/input-syslog.asciidoc +++ b/filebeat/docs/inputs/input-syslog.asciidoc @@ -51,6 +51,8 @@ include::../inputs/input-common-tcp-options.asciidoc[] ===== Protocol `unix`: +beta[] + include::../inputs/input-common-unix-options.asciidoc[] [id="{beatname_lc}-input-{type}-common-options"] diff --git a/filebeat/docs/inputs/input-unix.asciidoc b/filebeat/docs/inputs/input-unix.asciidoc new file mode 100644 index 00000000000..eb4c40a9841 --- /dev/null +++ b/filebeat/docs/inputs/input-unix.asciidoc @@ -0,0 +1,35 @@ +:type: unix + +[id="{beatname_lc}-input-{type}"] +=== Unix input + +beta[] + +++++ +Unix +++++ + +Use the `Unix` input to read events over a stream-oriented Unix domain socket. + +Example configuration: + +["source","yaml",subs="attributes"] +---- +{beatname_lc}.inputs: +- type: unix + max_message_size: 10MiB + path: "/var/run/filebeat.sock" +---- + + +==== Configuration options + +The `unix` input supports the following configuration options plus the +<<{beatname_lc}-input-{type}-common-options>> described later. + +include::../inputs/input-common-unix-options.asciidoc[] + +[id="{beatname_lc}-input-{type}-common-options"] +include::../inputs/input-common-options.asciidoc[] + +:type!: diff --git a/filebeat/input/syslog/config.go b/filebeat/input/syslog/config.go index 5b6ac1452b4..ff009bfb1dd 100644 --- a/filebeat/input/syslog/config.go +++ b/filebeat/input/syslog/config.go @@ -30,6 +30,7 @@ import ( "github.com/elastic/beats/v7/filebeat/inputsource/udp" "github.com/elastic/beats/v7/filebeat/inputsource/unix" "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/cfgwarn" "github.com/elastic/beats/v7/libbeat/logp" ) @@ -98,6 +99,8 @@ func factory( return tcp.New(&config.Config, factory) case unix.Name: + cfgwarn.Beta("Syslog Unix socket support is beta.") + config := defaultUnix if err := cfg.Unpack(&config); err != nil { return nil, err diff --git a/filebeat/input/unix/input.go b/filebeat/input/unix/input.go index 12c091f00da..19609cb5ab8 100644 --- a/filebeat/input/unix/input.go +++ b/filebeat/input/unix/input.go @@ -30,6 +30,7 @@ import ( "github.com/elastic/beats/v7/filebeat/inputsource/unix" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/cfgwarn" "github.com/elastic/beats/v7/libbeat/logp" ) @@ -56,6 +57,7 @@ func NewInput( connector channel.Connector, context input.Context, ) (input.Input, error) { + cfgwarn.Beta("Unix socket support is beta.") out, err := connector.ConnectWith(cfg, beat.ClientConfig{ Processing: beat.ProcessingConfig{ From 865a72193cbf82039a768cab685a26f7b7d49e81 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Mon, 27 Apr 2020 10:32:51 -0400 Subject: [PATCH 2/8] Update filebeat/docs/inputs/input-unix.asciidoc Co-Authored-By: Andrew Kroh --- filebeat/docs/inputs/input-unix.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/docs/inputs/input-unix.asciidoc b/filebeat/docs/inputs/input-unix.asciidoc index eb4c40a9841..a2f445159b7 100644 --- a/filebeat/docs/inputs/input-unix.asciidoc +++ b/filebeat/docs/inputs/input-unix.asciidoc @@ -9,7 +9,7 @@ beta[] Unix ++++ -Use the `Unix` input to read events over a stream-oriented Unix domain socket. +Use the `unix` input to read events over a stream-oriented Unix domain socket. Example configuration: From ad6b27605cda6c18e1c75204da361de687d9552e Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Mon, 27 Apr 2020 22:41:09 -0400 Subject: [PATCH 3/8] Add socket cleanup code, and socket ownership modification --- .../inputs/input-common-unix-options.asciidoc | 16 ++++ filebeat/inputsource/unix/config.go | 2 + filebeat/inputsource/unix/server.go | 72 +++++++++++++++ filebeat/inputsource/unix/server_test.go | 91 +++++++++++++++++++ 4 files changed, 181 insertions(+) diff --git a/filebeat/docs/inputs/input-common-unix-options.asciidoc b/filebeat/docs/inputs/input-common-unix-options.asciidoc index 443fe761274..f69951232b5 100644 --- a/filebeat/docs/inputs/input-common-unix-options.asciidoc +++ b/filebeat/docs/inputs/input-common-unix-options.asciidoc @@ -16,6 +16,22 @@ The maximum size of the message received over the socket. The default is `20MiB` The path to the Unix socket that will receive event streams. +[float] +[id="{beatname_lc}-input-{type}-unix-user"] +==== `user` + +The user ownership of the Unix socket that will be created by Filebeat. +The default is the user Filebeat is running as. This option is ignored on +Windows. + +[float] +[id="{beatname_lc}-input-{type}-unix-user"] +==== `group` + +The group ownership of the Unix socket that will be created by Filebeat. +The default is the user group of the user Filebeat is running as. +This option is ignored on Windows. + [float] [id="{beatname_lc}-input-{type}-unix-line-delimiter"] ==== `line_delimiter` diff --git a/filebeat/inputsource/unix/config.go b/filebeat/inputsource/unix/config.go index 79b2a43dd08..8902eaef732 100644 --- a/filebeat/inputsource/unix/config.go +++ b/filebeat/inputsource/unix/config.go @@ -30,6 +30,8 @@ const Name = "unix" // Config exposes the unix configuration. type Config struct { Path string `config:"path"` + User *string `config:"user"` + Group *string `config:"group"` Timeout time.Duration `config:"timeout" validate:"nonzero,positive"` MaxMessageSize cfgtype.ByteSize `config:"max_message_size" validate:"nonzero,positive"` MaxConnections int `config:"max_connections"` diff --git a/filebeat/inputsource/unix/server.go b/filebeat/inputsource/unix/server.go index 965a3300282..ee74823d571 100644 --- a/filebeat/inputsource/unix/server.go +++ b/filebeat/inputsource/unix/server.go @@ -20,10 +20,16 @@ package unix import ( "fmt" "net" + "os" + "os/user" + "runtime" + "strconv" "golang.org/x/net/netutil" "github.com/elastic/beats/v7/filebeat/inputsource/common" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/pkg/errors" ) // Server represent a unix server @@ -55,13 +61,79 @@ func New( } func (s *Server) createServer() (net.Listener, error) { + if err := s.cleanupStaleSocket(); err != nil { + return nil, err + } + l, err := net.Listen("unix", s.config.Path) if err != nil { return nil, err } + if err := s.setSocketOwnership(); err != nil { + return nil, err + } + if s.config.MaxConnections > 0 { return netutil.LimitListener(l, s.config.MaxConnections), nil } return l, nil } + +func (s *Server) cleanupStaleSocket() error { + path := s.config.Path + if info, err := os.Stat(path); !os.IsNotExist(err) { + if info.Mode()&os.ModeSocket == 0 { + return fmt.Errorf("refusing to remove file at location %s, it is not a socket", path) + } + + if err := os.Remove(path); err != nil { + return errors.Wrapf( + err, + "cannot remove existing unix socket file at location %s", + path, + ) + } + } + return nil +} + +func (s *Server) setSocketOwnership() error { + if runtime.GOOS == "windows" { + logger := logp.NewLogger("unix") + if s.config.User != nil { + logger.Warn("windows does not support the 'user' configuration option, ignoring") + } + if s.config.Group != nil { + logger.Warn("windows does not support the 'group' configuration option, ignoring") + } + return nil + } + // -1 == do not change + uid := -1 + gid := -1 + if s.config.User != nil { + u, err := user.Lookup(*s.config.User) + if err != nil { + return err + } + uid, err = strconv.Atoi(u.Uid) + if err != nil { + return err + } + } + if s.config.Group != nil { + g, err := user.LookupGroup(*s.config.Group) + if err != nil { + return err + } + gid, err = strconv.Atoi(g.Gid) + if err != nil { + return err + } + } + if uid != -1 || gid != -1 { + return os.Chown(s.config.Path, uid, gid) + } + return nil +} diff --git a/filebeat/inputsource/unix/server_test.go b/filebeat/inputsource/unix/server_test.go index 36e75c757e9..a52bbecb4ec 100644 --- a/filebeat/inputsource/unix/server_test.go +++ b/filebeat/inputsource/unix/server_test.go @@ -23,7 +23,10 @@ import ( "math/rand" "net" "os" + "os/user" "path/filepath" + "runtime" + "strconv" "strings" "testing" "time" @@ -35,6 +38,7 @@ import ( "github.com/elastic/beats/v7/filebeat/inputsource" netcommon "github.com/elastic/beats/v7/filebeat/inputsource/common" "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/file" "github.com/elastic/beats/v7/libbeat/logp" ) @@ -207,6 +211,93 @@ func TestReceiveEventsAndMetadata(t *testing.T) { } } +func TestSocketOwnership(t *testing.T) { + if runtime.GOOS == "windows" { + t.Skip("changing socket ownership is only supported on non-windows") + return + } + + groups, err := os.Getgroups() + require.NoError(t, err) + + if len(groups) <= 1 { + t.Skip("no group that we can change to") + return + } + + group, err := user.LookupGroupId(strconv.Itoa(groups[1])) + require.NoError(t, err) + current, err := user.Current() + require.NoError(t, err) + + path := filepath.Join(os.TempDir(), "test.sock") + cfg, _ := common.NewConfigFrom(map[string]interface{}{ + "path": path, + "user": current.Name, + "group": group.Name, + }) + config := defaultConfig + err = cfg.Unpack(&config) + require.NoError(t, err) + + factory := netcommon.SplitHandlerFactory(netcommon.FamilyUnix, logp.NewLogger("test"), MetadataCallback, nil, netcommon.SplitFunc([]byte("\n"))) + server, err := New(&config, factory) + require.NoError(t, err) + err = server.Start() + require.NoError(t, err) + defer server.Stop() + + info, err := file.Lstat(path) + require.NoError(t, err) + require.NotEqual(t, 0, info.Mode()&os.ModeSocket) + require.Equal(t, os.FileMode(0755), info.Mode().Perm()) + uid, err := info.UID() + require.NoError(t, err) + gid, err := info.GID() + require.NoError(t, err) + require.Equal(t, current.Uid, strconv.Itoa(uid)) + require.Equal(t, group.Gid, strconv.Itoa(gid)) +} + +func TestSocketCleanup(t *testing.T) { + path := filepath.Join(os.TempDir(), "test.sock") + mockStaleSocket, err := net.Listen("unix", path) + require.NoError(t, err) + defer mockStaleSocket.Close() + + cfg, _ := common.NewConfigFrom(map[string]interface{}{ + "path": path, + }) + config := defaultConfig + require.NoError(t, cfg.Unpack(&config)) + factory := netcommon.SplitHandlerFactory(netcommon.FamilyUnix, logp.NewLogger("test"), MetadataCallback, nil, netcommon.SplitFunc([]byte("\n"))) + server, err := New(&config, factory) + require.NoError(t, err) + err = server.Start() + require.NoError(t, err) + server.Stop() +} + +func TestSocketCleanupRefusal(t *testing.T) { + path := filepath.Join(os.TempDir(), "test.sock") + f, err := os.Create(path) + require.NoError(t, err) + require.NoError(t, f.Close()) + defer os.Remove(path) + + cfg, _ := common.NewConfigFrom(map[string]interface{}{ + "path": path, + }) + config := defaultConfig + require.NoError(t, cfg.Unpack(&config)) + factory := netcommon.SplitHandlerFactory(netcommon.FamilyUnix, logp.NewLogger("test"), MetadataCallback, nil, netcommon.SplitFunc([]byte("\n"))) + server, err := New(&config, factory) + require.NoError(t, err) + err = server.Start() + require.Error(t, err) + require.Contains(t, err.Error(), "refusing to remove file at location") +} + func TestReceiveNewEventsConcurrently(t *testing.T) { workers := 4 eventsCount := 100 From 8981dfb6f335ba2c3690af1de3302d6ccd1f5784 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Mon, 27 Apr 2020 22:43:00 -0400 Subject: [PATCH 4/8] rearrange imports --- filebeat/inputsource/unix/server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/inputsource/unix/server.go b/filebeat/inputsource/unix/server.go index ee74823d571..a24275e3ec5 100644 --- a/filebeat/inputsource/unix/server.go +++ b/filebeat/inputsource/unix/server.go @@ -25,11 +25,11 @@ import ( "runtime" "strconv" + "github.com/pkg/errors" "golang.org/x/net/netutil" "github.com/elastic/beats/v7/filebeat/inputsource/common" "github.com/elastic/beats/v7/libbeat/logp" - "github.com/pkg/errors" ) // Server represent a unix server From 1c448a3bd560d0160319d821e19f4489a3ec289d Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Mon, 27 Apr 2020 22:46:26 -0400 Subject: [PATCH 5/8] updated docs --- filebeat/docs/inputs/input-common-unix-options.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/filebeat/docs/inputs/input-common-unix-options.asciidoc b/filebeat/docs/inputs/input-common-unix-options.asciidoc index f69951232b5..a41804536be 100644 --- a/filebeat/docs/inputs/input-common-unix-options.asciidoc +++ b/filebeat/docs/inputs/input-common-unix-options.asciidoc @@ -21,15 +21,15 @@ The path to the Unix socket that will receive event streams. ==== `user` The user ownership of the Unix socket that will be created by Filebeat. -The default is the user Filebeat is running as. This option is ignored on +The default is the user name of the user Filebeat is running as. This option is ignored on Windows. [float] -[id="{beatname_lc}-input-{type}-unix-user"] +[id="{beatname_lc}-input-{type}-unix-group"] ==== `group` The group ownership of the Unix socket that will be created by Filebeat. -The default is the user group of the user Filebeat is running as. +The default is the primary group name for the user Filebeat is running as. This option is ignored on Windows. [float] From 9c06bb06f4adcac91871d446071b47cfad885634 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Tue, 28 Apr 2020 08:53:38 -0400 Subject: [PATCH 6/8] Switch to group chown and chmod only --- .../inputs/input-common-unix-options.asciidoc | 16 ++-- filebeat/inputsource/unix/config.go | 2 +- filebeat/inputsource/unix/server.go | 77 +++++++++++-------- filebeat/inputsource/unix/server_test.go | 11 +-- libbeat/common/seccomp/policy_linux_386.go | 1 + libbeat/common/seccomp/policy_linux_amd64.go | 1 + 6 files changed, 57 insertions(+), 51 deletions(-) diff --git a/filebeat/docs/inputs/input-common-unix-options.asciidoc b/filebeat/docs/inputs/input-common-unix-options.asciidoc index a41804536be..40d216210c3 100644 --- a/filebeat/docs/inputs/input-common-unix-options.asciidoc +++ b/filebeat/docs/inputs/input-common-unix-options.asciidoc @@ -16,14 +16,6 @@ The maximum size of the message received over the socket. The default is `20MiB` The path to the Unix socket that will receive event streams. -[float] -[id="{beatname_lc}-input-{type}-unix-user"] -==== `user` - -The user ownership of the Unix socket that will be created by Filebeat. -The default is the user name of the user Filebeat is running as. This option is ignored on -Windows. - [float] [id="{beatname_lc}-input-{type}-unix-group"] ==== `group` @@ -32,6 +24,14 @@ The group ownership of the Unix socket that will be created by Filebeat. The default is the primary group name for the user Filebeat is running as. This option is ignored on Windows. +[float] +[id="{beatname_lc}-input-{type}-unix-mode"] +==== `mode` + +The file mode of the Unix socket that will be created by Filebeat. This is +expected to be an octal umask. The default valus is the system default (generally +`0755`). + [float] [id="{beatname_lc}-input-{type}-unix-line-delimiter"] ==== `line_delimiter` diff --git a/filebeat/inputsource/unix/config.go b/filebeat/inputsource/unix/config.go index 8902eaef732..5051ab86e75 100644 --- a/filebeat/inputsource/unix/config.go +++ b/filebeat/inputsource/unix/config.go @@ -30,8 +30,8 @@ const Name = "unix" // Config exposes the unix configuration. type Config struct { Path string `config:"path"` - User *string `config:"user"` Group *string `config:"group"` + Mode *string `config:"mode"` Timeout time.Duration `config:"timeout" validate:"nonzero,positive"` MaxMessageSize cfgtype.ByteSize `config:"max_message_size" validate:"nonzero,positive"` MaxConnections int `config:"max_connections"` diff --git a/filebeat/inputsource/unix/server.go b/filebeat/inputsource/unix/server.go index a24275e3ec5..bff60e4da29 100644 --- a/filebeat/inputsource/unix/server.go +++ b/filebeat/inputsource/unix/server.go @@ -74,6 +74,10 @@ func (s *Server) createServer() (net.Listener, error) { return nil, err } + if err := s.setSocketMode(); err != nil { + return nil, err + } + if s.config.MaxConnections > 0 { return netutil.LimitListener(l, s.config.MaxConnections), nil } @@ -82,58 +86,63 @@ func (s *Server) createServer() (net.Listener, error) { func (s *Server) cleanupStaleSocket() error { path := s.config.Path - if info, err := os.Stat(path); !os.IsNotExist(err) { - if info.Mode()&os.ModeSocket == 0 { - return fmt.Errorf("refusing to remove file at location %s, it is not a socket", path) + info, err := os.Lstat(path) + if err != nil { + // If the file does not exist, then the cleanup can be considered successful. + if os.IsNotExist(err) { + return nil } + return errors.Wrapf(err, "cannot lstat unix socket file at location %s", path) + } - if err := os.Remove(path); err != nil { - return errors.Wrapf( - err, - "cannot remove existing unix socket file at location %s", - path, - ) - } + if info.Mode()&os.ModeSocket == 0 { + return fmt.Errorf("refusing to remove file at location %s, it is not a socket", path) + } + + if err := os.Remove(path); err != nil { + return errors.Wrapf(err, "cannot remove existing unix socket file at location %s", path) } + return nil } func (s *Server) setSocketOwnership() error { - if runtime.GOOS == "windows" { - logger := logp.NewLogger("unix") - if s.config.User != nil { - logger.Warn("windows does not support the 'user' configuration option, ignoring") - } - if s.config.Group != nil { - logger.Warn("windows does not support the 'group' configuration option, ignoring") + if s.config.Group != nil { + if runtime.GOOS == "windows" { + logp.NewLogger("unix").Warn("windows does not support the 'group' configuration option, ignoring") + return nil } - return nil - } - // -1 == do not change - uid := -1 - gid := -1 - if s.config.User != nil { - u, err := user.Lookup(*s.config.User) + g, err := user.LookupGroup(*s.config.Group) if err != nil { return err } - uid, err = strconv.Atoi(u.Uid) + gid, err := strconv.Atoi(g.Gid) if err != nil { return err } + return os.Chown(s.config.Path, -1, gid) } - if s.config.Group != nil { - g, err := user.LookupGroup(*s.config.Group) - if err != nil { - return err - } - gid, err = strconv.Atoi(g.Gid) + return nil +} + +func (s *Server) setSocketMode() error { + if s.config.Mode != nil { + mode, err := parseFileMode(*s.config.Mode) if err != nil { return err } - } - if uid != -1 || gid != -1 { - return os.Chown(s.config.Path, uid, gid) + return os.Chmod(s.config.Path, mode) } return nil } + +func parseFileMode(mode string) (os.FileMode, error) { + parsed, err := strconv.ParseUint(mode, 8, 32) + if err != nil { + return 0, err + } + if parsed > 0777 { + return 0, errors.New("invalid file mode") + } + return os.FileMode(parsed), nil +} diff --git a/filebeat/inputsource/unix/server_test.go b/filebeat/inputsource/unix/server_test.go index a52bbecb4ec..a73760225ea 100644 --- a/filebeat/inputsource/unix/server_test.go +++ b/filebeat/inputsource/unix/server_test.go @@ -211,7 +211,7 @@ func TestReceiveEventsAndMetadata(t *testing.T) { } } -func TestSocketOwnership(t *testing.T) { +func TestSocketOwnershipAndMode(t *testing.T) { if runtime.GOOS == "windows" { t.Skip("changing socket ownership is only supported on non-windows") return @@ -227,14 +227,12 @@ func TestSocketOwnership(t *testing.T) { group, err := user.LookupGroupId(strconv.Itoa(groups[1])) require.NoError(t, err) - current, err := user.Current() - require.NoError(t, err) path := filepath.Join(os.TempDir(), "test.sock") cfg, _ := common.NewConfigFrom(map[string]interface{}{ "path": path, - "user": current.Name, "group": group.Name, + "mode": "0740", }) config := defaultConfig err = cfg.Unpack(&config) @@ -250,12 +248,9 @@ func TestSocketOwnership(t *testing.T) { info, err := file.Lstat(path) require.NoError(t, err) require.NotEqual(t, 0, info.Mode()&os.ModeSocket) - require.Equal(t, os.FileMode(0755), info.Mode().Perm()) - uid, err := info.UID() - require.NoError(t, err) + require.Equal(t, os.FileMode(0740), info.Mode().Perm()) gid, err := info.GID() require.NoError(t, err) - require.Equal(t, current.Uid, strconv.Itoa(uid)) require.Equal(t, group.Gid, strconv.Itoa(gid)) } diff --git a/libbeat/common/seccomp/policy_linux_386.go b/libbeat/common/seccomp/policy_linux_386.go index 76b24714cac..acbc69ddd1f 100644 --- a/libbeat/common/seccomp/policy_linux_386.go +++ b/libbeat/common/seccomp/policy_linux_386.go @@ -32,6 +32,7 @@ func init() { "access", "brk", "chmod", + "chown", "clock_gettime", "clone", "close", diff --git a/libbeat/common/seccomp/policy_linux_amd64.go b/libbeat/common/seccomp/policy_linux_amd64.go index 92b5fbe488a..bf1e4bc31c5 100644 --- a/libbeat/common/seccomp/policy_linux_amd64.go +++ b/libbeat/common/seccomp/policy_linux_amd64.go @@ -35,6 +35,7 @@ func init() { "bind", "brk", "chmod", + "chown", "clock_gettime", "clone", "close", From 5024ba6c0a93132899a6403adcc071680a1862b8 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Tue, 28 Apr 2020 09:00:52 -0400 Subject: [PATCH 7/8] Fix docs --- filebeat/docs/inputs/input-common-unix-options.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/filebeat/docs/inputs/input-common-unix-options.asciidoc b/filebeat/docs/inputs/input-common-unix-options.asciidoc index 40d216210c3..f73278944a6 100644 --- a/filebeat/docs/inputs/input-common-unix-options.asciidoc +++ b/filebeat/docs/inputs/input-common-unix-options.asciidoc @@ -29,8 +29,8 @@ This option is ignored on Windows. ==== `mode` The file mode of the Unix socket that will be created by Filebeat. This is -expected to be an octal umask. The default valus is the system default (generally -`0755`). +expected to be a file mode as an octal string. The default value is the system +default (generally `0755`). [float] [id="{beatname_lc}-input-{type}-unix-line-delimiter"] From 7d275e21661ac340ced099889ef9b99f940922b7 Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Tue, 28 Apr 2020 13:44:59 -0400 Subject: [PATCH 8/8] Bypass refusal check for windows due to Windows unix socket buf for FileMode --- filebeat/inputsource/unix/server.go | 7 +++++-- filebeat/inputsource/unix/server_test.go | 4 ++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/filebeat/inputsource/unix/server.go b/filebeat/inputsource/unix/server.go index bff60e4da29..ee9a0f4564d 100644 --- a/filebeat/inputsource/unix/server.go +++ b/filebeat/inputsource/unix/server.go @@ -95,8 +95,11 @@ func (s *Server) cleanupStaleSocket() error { return errors.Wrapf(err, "cannot lstat unix socket file at location %s", path) } - if info.Mode()&os.ModeSocket == 0 { - return fmt.Errorf("refusing to remove file at location %s, it is not a socket", path) + if runtime.GOOS != "windows" { + // see https://github.com/golang/go/issues/33357 for context on Windows socket file attributes bug + if info.Mode()&os.ModeSocket == 0 { + return fmt.Errorf("refusing to remove file at location %s, it is not a socket", path) + } } if err := os.Remove(path); err != nil { diff --git a/filebeat/inputsource/unix/server_test.go b/filebeat/inputsource/unix/server_test.go index a73760225ea..a9043d14a8e 100644 --- a/filebeat/inputsource/unix/server_test.go +++ b/filebeat/inputsource/unix/server_test.go @@ -274,6 +274,10 @@ func TestSocketCleanup(t *testing.T) { } func TestSocketCleanupRefusal(t *testing.T) { + if runtime.GOOS == "windows" { + t.Skip("skipping due to windows FileAttributes bug https://github.com/golang/go/issues/33357") + return + } path := filepath.Join(os.TempDir(), "test.sock") f, err := os.Create(path) require.NoError(t, err)