I have seen a couple of discussions here about whether certain bugs are related to rsync or rather systemd. Right now I am dealing with a problem regarding running rsync as a systemd socket activated daemon. Basically systemd runs a daemon only after it is contacted through socket, daemon performs a task and then finishes. systemd only collects return value.
If I use "allow hosts" option in rsyncd.conf file and then I receive a connection through the socket from host which is not on the list, the connection is rejected. This is completely fine but rsync ends with -1 in such a case. From my point of view it should end with other value because rsync ended correctly as instructed through the conf file.
If I receive lots of unauthorized connections, rsync leaves behind a failed unit. After some time these failed units seem to influence performance of the system until at some point the system literally crawls to a halt.
My suggestion would be to perhaps try to return something else than -1. Maybe not 0 because in that case every unauthorized connection would be simply ignored but at least some return value which would distinguish this use-case from all the other general -1 errors.