From ab89c6d162977c23c95655b28c6b49400e636688 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 25 Apr 2024 10:57:56 +0200
Subject: [PATCH] varlink: if $SYSTEMD_VARLINK_LISTEN is set to "-", listen on
 stdio

---
 docs/ENVIRONMENT.md  |  3 ++-
 src/shared/varlink.c | 11 ++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index d44e91b9739..7d712c09900 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -686,7 +686,8 @@ Tools using the Varlink protocol (such as `varlinkctl`) or sd-bus (such as
 * `$SYSTEMD_VARLINK_LISTEN` â interpreted by some tools that provide a Varlink
   service. Takes a file system path: if specified the tool will listen on an
   `AF_UNIX` stream socket on the specified path in addition to whatever else it
-  would listen on.
+  would listen on. If set to "-" the tool will turn stdin/stdout into a Varlink
+  connection.
 
 `systemd-mountfsd`:
 
diff --git a/src/shared/varlink.c b/src/shared/varlink.c
index 6826e3eb9bd..8814c98f2e6 100644
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -3803,12 +3803,17 @@ int varlink_server_listen_auto(VarlinkServer *s) {
                 n++;
         }
 
-        /* For debug purposes let's listen on an explicitly specified address */
+        /* Let's listen on an explicitly specified address */
         const char *e = secure_getenv("SYSTEMD_VARLINK_LISTEN");
         if (e) {
-                r = varlink_server_listen_address(s, e, FLAGS_SET(s->flags, VARLINK_SERVER_ROOT_ONLY) ? 0600 : 0666);
+                if (streq(e, "-"))
+                        r = varlink_server_add_connection_stdio(s, /* ret= */ NULL);
+                else
+                        r = varlink_server_listen_address(s, e, FLAGS_SET(s->flags, VARLINK_SERVER_ROOT_ONLY) ? 0600 : 0666);
                 if (r < 0)
                         return r;
+
+                n++;
         }
 
         return n;
@@ -4258,7 +4263,7 @@ int varlink_invocation(VarlinkInvocationFlags flags) {
 
         /* Returns true if this is a "pure" varlink server invocation, i.e. with one fd passed. */
 
-        const char *e = secure_getenv("SYSTEMD_VARLINK_LISTEN"); /* Permit a manual override for testing purposes */
+        const char *e = secure_getenv("SYSTEMD_VARLINK_LISTEN"); /* Permit an explicit override */
         if (e)
                 return true;
 
-- 
2.47.3