[dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost listening socket

Tan, Jianfeng jianfeng.tan at intel.com
Mon Nov 9 06:46:32 CET 2015



> -----Original Message-----
> From: Yuanhan Liu [mailto:yuanhan.liu at linux.intel.com]
> Sent: Monday, November 9, 2015 1:41 PM
> To: Tan, Jianfeng
> Cc: dev at dpdk.org; nakajima.yoshihiro at lab.ntt.co.jp; zhbzg at huawei.com;
> mst at redhat.com; gaoxiaoqiu at huawei.com; oscar.zhangbo at huawei.com;
> ann.zhuangyanying at huawei.com; zhoujingbin at huawei.com;
> guohongzhen at huawei.com
> Subject: Re: [dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost
> listening socket
> 
> On Mon, Nov 09, 2015 at 05:15:23AM +0000, Tan, Jianfeng wrote:
> ...
> > > >
> > > > +	ret = chmod(un.sun_path, 0666);
> > > > +	if (ret == 0)
> > > > +		RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n");
> > >
> > > That doesn't seem right to me. Doing that kind of change in a
> > > library doesn't seem to be a good practice, not to mention
> > > changing it to "0666" blindly, which allows everybody to access it.
> > >
> > > 	--yliu
> >
> > Hi Yuanhan,
> >
> > The original intention for this change is for the use case: use "root"
> > to start ovs-dpdk (or any other switch application), but use other
> > users to run some containers. Without this change, other users cannot
> > connect to vhost listening socket.
> 
> I know your concern, do it with some user space utils (like chmod) then, but
> not in a library.
> 
> BTW, "chown", limiting it to a specific user, or "chmod g+rw", limiting it to a
> specific group, is more appropriate here.
> 
> 	--yliu

Got your point. Will consider reverting this change in the next version.

Thanks!
Jianfeng

> >
> > This change is not necessary if using root to start a container. It's
> > indeed a question worth discussion: whether it's reasonable to allow
> > everybody to start a virtio device.
> >
> > Thanks,
> > Jianfeng
> >
> > >
> > > > +
> > > >  	return sockfd;
> > > >
> > > >  err:
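Review bot: the added chmod(un.sun_path, 0666) grants read/write on the listening socket to every local user unconditionally, and its result is only half-checked: `if (ret == 0)` logs success, while a failure falls through to `return sockfd` with no log and no error handling. A library should not hard-code access policy for the socket path; drop the chmod here and leave ownership and mode to the caller (chown to a specific user, or group access with g+rw), or take the mode as a parameter. If any permission change stays, handle ret != 0 by logging it and going to `err:`. The "chmod 0666, ok" INFO message adds little and could go as well.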
> > > > --
> > > > 2.1.4

