On Tuesday, February 12, 2019 11:57:41 AM CET Matwey V. Kornilov wrote:

12.02.2019 12:32, aplanas@suse.de пишет:

1. User may not expect that the package contains some services. epmd.socket is internal erlang thing.

Uhmm very true. But in this case there is a second service, rabbitmq.service, that is using 'BindsTo' and 'After' over epmd [1]. So when the user start the rabbitmq service, is also staring the hidden one. Or I am missing something?

2. epmd.socket is listening on 127.0.0.1 by default. Though currently it leads to constant complaining, this was required by security team at the time when epmd.socket was introduced. It is minimal working local configuration and it should be fine until you really need distribution setup.

You are right.

3. erlang has its own default hard-coded way to start epmd. It just execs new epmd process every time when it cannot connect to existing one. So, while epmd.socket is not active, any erl command invocation leads to starting new epmd process that listens on 0.0.0.0. Is it more secure?

Oh oh I see. I remember this issue. Is there any configuration file for epmd? Or the only way to avoid this second issue is via ERL_EPMD_ADDRESS env var? -- [1] https://build.opensuse.org/package/view_file/network:messaging:amqp/ rabbitmq-server/rabbitmq-server.service?expand=1 -- SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5, 90409 Nürnberg, Germany -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org