[dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost listening socket

Tan, Jianfeng jianfeng.tan at intel.com
Mon Nov 9 06:15:23 CET 2015



> -----Original Message-----
> From: Yuanhan Liu [mailto:yuanhan.liu at linux.intel.com]
> Sent: Monday, November 9, 2015 11:55 AM
> To: Tan, Jianfeng
> Cc: dev at dpdk.org; nakajima.yoshihiro at lab.ntt.co.jp; zhbzg at huawei.com;
> mst at redhat.com; gaoxiaoqiu at huawei.com; oscar.zhangbo at huawei.com;
> ann.zhuangyanying at huawei.com; zhoujingbin at huawei.com;
> guohongzhen at huawei.com
> Subject: Re: [dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost
> listening socket
> 
> On Fri, Nov 06, 2015 at 02:31:16AM +0800, Jianfeng Tan wrote:
> > Change vhost listening socket mode so that users in groups and others
> > can connect to vhost listening socket.
> >
> > Signed-off-by: Huawei Xie <huawei.xie at intel.com>
> > Signed-off-by: Jianfeng Tan <jianfeng.tan at intel.com>
> > ---
> >  lib/librte_vhost/vhost_user/vhost-net-user.c | 5 +++++
> >  1 file changed, 5 insertions(+)
> >
> > diff --git a/lib/librte_vhost/vhost_user/vhost-net-user.c
> > b/lib/librte_vhost/vhost_user/vhost-net-user.c
> > index 2dc0547..7b24f7c 100644
> > --- a/lib/librte_vhost/vhost_user/vhost-net-user.c
> > +++ b/lib/librte_vhost/vhost_user/vhost-net-user.c
> > @@ -42,6 +42,7 @@
> >  #include <sys/un.h>
> >  #include <errno.h>
> >  #include <pthread.h>
> > +#include <sys/stat.h>
> >
> >  #include <rte_log.h>
> >  #include <rte_virtio_net.h>
> > @@ -137,6 +138,10 @@ uds_socket(const char *path)
> >  	if (ret == -1)
> >  		goto err;
> >
> > +	ret = chmod(un.sun_path, 0666);
> > +	if (ret == 0)
> > +		RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n");
> 
> That doesn't seem right to me. Doing that kind of change in a library doesn't
> seem to be a good practice, not to mention changing it to "0666" blindly,
> which allows everybody to access it.
> 
> 	--yliu

Hi Yuanhan,

The original intention of this change is the following use case: use "root" to
start ovs-dpdk (or any other switch application), but use other users to
run some containers. Without this change, other users cannot connect
to the vhost listening socket.

This change is not necessary if using root to start a container. It's indeed
a question worth discussing: whether it's reasonable to allow everybody
to start a virtio device.

Thanks,
Jianfeng

> 
> > +
> >  	return sockfd;
> >
> >  err:
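
Review bot: the `chmod()` result in uds_socket() is checked only for success, so a failed call is silently dropped and the function still reaches `return sockfd;` with the socket left at its bind-time mode; log the errno and `goto err`, as the check just above does. The mode is also hard-coded to 0666, which lets every local user connect to the vhost socket; take the mode (and optionally an owning group) from the application instead, for example 0660 with a dedicated group for the users that run containers, so the library does not decide the access policy.
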
> > --
> > 2.1.4