[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets

To: "Luis R. Rodriguez" <mcgrof@xxxxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Fri, 4 Jul 2014 15:32:29 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, David Scott <dave.scott@xxxxxxxxxxxxx>, "Luis R. Rodriguez" <mcgrof@xxxxxxxxxxxxxxxx>
Delivery-date: Fri, 04 Jul 2014 14:32:36 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Thu, 2014-07-03 at 19:06 +0200, Luis R. Rodriguez wrote:
> > > > Is it common in systemd support to validate the input socket's path in
> > > > this way? As opposed to trusting that the systemd unit file is correct.
> > > 
> > > sd_is_socket_unix() is certainly advised and highly encourged. As
> > > for the other check -- yes we want that given that we are using
> > > two socket files specifically in order to avoid having to chmod()
> > > the socket ourelves. Systemd currently doesn't support having two
> > > separate sockets in one file with different permissions. From
> > > what I have seen the order in which systemd sets the sockets and
> > > maps them to fds will very on the unit socket files you use, this
> > > approach lets us allow systemd to give them to us in any order
> > > while my hope is that systemd upstream gets support for just one
> > > stocket file with multiple permissions.
> > 
> > OK.
> > 
> > BTW, the permissions on these two sockets should be the same
> > (read/write),
> 
> tools/xenstore/xenstored_core.c uses chmod to change the
> permissions:
> 
>         if (chmod(soc_str, 0600) != 0
>             || chmod(soc_str_ro, 0660) != 0)
>                 barf_perror("Could not chmod sockets");
> 
> > it's the owner/group which might differ.
> 
> On my latest Debian install of the master branch for legacy init
> my sockets end up being owned by root, who should be owning the
> sockets?

My mistake, I thought they were 0660 and root:root and 0660 root:
$something. But 0600 for the rw makes sense too.

Default owner should be root:root for both IMHO. The ro socket is there
for the admin if he wants to chgrp it and put things in that group.

> > (You need to be able to write to the ro socket to send operations,
> 
> BTW what is the _ro socket used for exactly? I couldn't find usage for
> it in existing code.
> 
> > the distinction is that the ro socket will reject XS_WRITE messages)
> 
> OK, got it.
> 
>   Luis



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets
  - From: Luis R. Rodriguez

References:
- Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets
  - From: Luis R. Rodriguez
- Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets
  - From: Luis R. Rodriguez

Prev by Date: Re: [Xen-devel] [Xen-users] ARM: "xen_add_mach_to_phys_entry: cannot add ... already exists and panics"
Next by Date: Re: [Xen-devel] [PATCH v6 10/13] autoconf: xen: move standard path variables to config/Paths.mk.in
Previous by thread: Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets
Next by thread: Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.