Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets
On Thu, 2014-07-03 at 19:06 +0200, Luis R. Rodriguez wrote:
> > > > Is it common in systemd support to validate the input socket's path in
> > > > this way? As opposed to trusting that the systemd unit file is correct.
> > >
> > > sd_is_socket_unix() is certainly advised and highly encouraged. As
> > > for the other check -- yes we want that given that we are using
> > > two socket files specifically in order to avoid having to chmod()
> > > the socket ourselves. Systemd currently doesn't support having two
> > > separate sockets in one file with different permissions. From
> > > what I have seen the order in which systemd sets the sockets and
> > > maps them to fds will vary on the unit socket files you use, this
> > > approach lets us allow systemd to give them to us in any order
> > > while my hope is that systemd upstream gets support for just one
> > > socket file with multiple permissions.
> >
> > OK.
> >
> > BTW, the permissions on these two sockets should be the same
> > (read/write),
>
> tools/xenstore/xenstored_core.c uses chmod to change the
> permissions:
>
>         if (chmod(soc_str, 0600) != 0
>             || chmod(soc_str_ro, 0660) != 0)
>                 barf_perror("Could not chmod sockets");
>
> > it's the owner/group which might differ.
>
> On my latest Debian install of the master branch for legacy init
> my sockets end up being owned by root, who should be owning the
> sockets?

My mistake, I thought they were 0660 and root:root and 0660
root:$something. But 0600 for the rw makes sense too.

Default owner should be root:root for both IMHO. The ro socket is there
for the admin if he wants to chgrp it and put things in that group.

> > (You need to be able to write to the ro socket to send operations,
>
> BTW what is the _ro socket used for exactly? I couldn't find usage for
> it in existing code.
>
> > the distinction is that the ro socket will reject XS_WRITE messages)
>
> OK, got it.
>
>   Luis