[dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost listening socket
Yuanhan Liu
yuanhan.liu at linux.intel.com
Mon Nov 9 06:40:58 CET 2015
On Mon, Nov 09, 2015 at 05:15:23AM +0000, Tan, Jianfeng wrote:
...
> > >
> > > + ret = chmod(un.sun_path, 0666);
> > > + if (ret == 0)
> > > + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n");
> >
> > That doesn't seem right to me. Doing that kind of change in a libraray doesn't
> > seem to be a good practice, don't even to say changing it to "0666" blindly,
> > which allows every body to access it.
> >
> > --yliu
>
> Hi Yuanhan,
>
> The original intention for this change is for the use case: use "root" to
> start ovs-dpdk (or any other switch application), but use other users to
> run some containers. Not with this change, other users cannot connect
> to vhost listening socket.
I know your concern, do it with some user space utils (like chmod) then,
but not in a libraray.
BTW, "chown", limiting it to a specific user, or "chmod g+rw", limiting
it to a specific group, is more appropriate here.
--yliu
>
> This change is not necessary if using root to start a container. It's indeed
> a question worth discussion: whether it's reasonable to allow everybody
> to start a virtio device.
>
> Thanks,
> Jianfeng
>
> >
> > > +
> > > return sockfd;
> > >
> > > err:
> > > --
> > > 2.1.4
More information about the dev
mailing list