[dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost listening socket

Yuanhan Liu yuanhan.liu at linux.intel.com
Mon Nov 9 06:40:58 CET 2015


On Mon, Nov 09, 2015 at 05:15:23AM +0000, Tan, Jianfeng wrote:
...
> > >
> > > +	ret = chmod(un.sun_path, 0666);
> > > +	if (ret == 0)
> > > +		RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n");
> > 
> > That doesn't seem right to me. Doing that kind of change in a libraray doesn't
> > seem to be a good practice, don't even to say changing it to "0666" blindly,
> > which allows every body to access it.
> > 
> > 	--yliu
> 
> Hi Yuanhan,
> 
> The original intention for this change is for the use case: use "root" to
> start ovs-dpdk (or any other switch application), but use other users to
> run some containers. Not with this change, other users cannot connect
> to vhost listening socket.

I know your concern, do it with some user space utils (like chmod) then,
but not in a libraray.

BTW, "chown", limiting it to a specific user, or "chmod g+rw", limiting
it to a specific group, is more appropriate here.

	--yliu
> 
> This change is not necessary if using root to start a container. It's indeed
> a question worth discussion: whether it's reasonable to allow everybody
> to start a virtio device.
> 
> Thanks,
> Jianfeng
> 
> > 
> > > +
> > >  	return sockfd;
> > >
> > >  err:
> > > --
> > > 2.1.4


More information about the dev mailing list