server: Enable socket activation through systemd

This enables socket activation of "p11-kit server" through systemd. The feature provided is essentially the same as commit a4fb2bb5 (reverted), but implemented with "p11-kit server" and libsystemd API instead of wrapping "p11-kit remote" in the unit file. Note that, while it exposes all tokens through the socket, it doesn't increase attack surface beyond the PKCS#11 binary interface provided by p11-kit-proxy.so, because the service is per-user.
author: Daiki Ueno <dueno@redhat.com> 2018-06-20 10:43:24 +0200
committer: Daiki Ueno <ueno@gnu.org> 2018-06-20 13:19:23 +0200
commit: 53a7e915b2694bc1957d98493a7aee9abfa3c6c5 (patch)
tree: 82d4bdce9a6d8559a698cd40fda4bb96990489c7 /p11-kit/p11-kit-server.socket
parent: d4a4039f97b2e1f67d09d7cd8c05fb2dd129b23c (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/p11-kit/p11-kit-server.socket b/p11-kit/p11-kit-server.socket
new file mode 100644
index 0000000..31a3d4c
--- /dev/null
+++ b/p11-kit/p11-kit-server.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=p11-kit server
+
+[Socket]
+Priority=6
+Backlog=5
+ListenStream=%t/p11-kit/pkcs11
+SocketMode=0600
+
+[Install]
+WantedBy=sockets.target
author	Daiki Ueno <dueno@redhat.com>	2018-06-20 10:43:24 +0200
committer	Daiki Ueno <ueno@gnu.org>	2018-06-20 13:19:23 +0200
commit	53a7e915b2694bc1957d98493a7aee9abfa3c6c5 (patch)
tree	82d4bdce9a6d8559a698cd40fda4bb96990489c7 /p11-kit/p11-kit-server.socket
parent	d4a4039f97b2e1f67d09d7cd8c05fb2dd129b23c (diff)