[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets



On Thu, 2014-07-03 at 19:06 +0200, Luis R. Rodriguez wrote:
> > > > Is it common in systemd support to validate the input socket's path in
> > > > this way? As opposed to trusting that the systemd unit file is correct.
> > > 
> > > sd_is_socket_unix() is certainly advised and highly encourged. As
> > > for the other check -- yes we want that given that we are using
> > > two socket files specifically in order to avoid having to chmod()
> > > the socket ourelves. Systemd currently doesn't support having two
> > > separate sockets in one file with different permissions. From
> > > what I have seen the order in which systemd sets the sockets and
> > > maps them to fds will very on the unit socket files you use, this
> > > approach lets us allow systemd to give them to us in any order
> > > while my hope is that systemd upstream gets support for just one
> > > stocket file with multiple permissions.
> > 
> > OK.
> > 
> > BTW, the permissions on these two sockets should be the same
> > (read/write),
> 
> tools/xenstore/xenstored_core.c uses chmod to change the
> permissions:
> 
>         if (chmod(soc_str, 0600) != 0
>             || chmod(soc_str_ro, 0660) != 0)
>                 barf_perror("Could not chmod sockets");
> 
> > it's the owner/group which might differ.
> 
> On my latest Debian install of the master branch for legacy init
> my sockets end up being owned by root, who should be owning the
> sockets?

My mistake, I thought they were 0660 and root:root and 0660 root:
$something. But 0600 for the rw makes sense too.

Default owner should be root:root for both IMHO. The ro socket is there
for the admin if he wants to chgrp it and put things in that group.

> > (You need to be able to write to the ro socket to send operations,
> 
> BTW what is the _ro socket used for exactly? I couldn't find usage for
> it in existing code.
> 
> > the distinction is that the ro socket will reject XS_WRITE messages)
> 
> OK, got it.
> 
>   Luis



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.