From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 9 Nov 2015 13:40:58 +0800
From: Yuanhan Liu
To: "Tan, Jianfeng"
Cc: "nakajima.yoshihiro@lab.ntt.co.jp", "zhbzg@huawei.com", "mst@redhat.com",
 "dev@dpdk.org", "oscar.zhangbo@huawei.com", "gaoxiaoqiu@huawei.com",
 "ann.zhuangyanying@huawei.com", "zhoujingbin@huawei.com",
 "guohongzhen@huawei.com"
Subject: Re: [dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost listening socket
Message-ID: <20151109054058.GL2326@yliu-dev.sh.intel.com>
References: <1446748276-132087-1-git-send-email-jianfeng.tan@intel.com>
 <1446748276-132087-6-git-send-email-jianfeng.tan@intel.com>
 <20151109035434.GG2326@yliu-dev.sh.intel.com>
List-Id: patches and discussions about DPDK

On Mon, Nov 09, 2015 at 05:15:23AM +0000, Tan, Jianfeng wrote:
...
> > >
> > > + ret = chmod(un.sun_path, 0666);
> > > + if (ret == 0)
> > > + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n");
> >
> > That doesn't seem right to me. Doing that kind of change in a library doesn't
> > seem to be a good practice, don't even to say changing it to "0666" blindly,
> > which allows everybody to access it.
> >
> > --yliu
>
> Hi Yuanhan,
>
> The original intention for this change is for the use case: use "root" to
> start ovs-dpdk (or any other switch application), but use other users to
> run some containers. Not with this change, other users cannot connect
> to vhost listening socket.

I know your concern, do it with some user space utils (like chmod) then,
but not in a library.

BTW, "chown", limiting it to a specific user, or "chmod g+rw", limiting
it to a specific group, is more appropriate here.

--yliu
>
> This change is not necessary if using root to start a container. It's indeed
> a question worth discussion: whether it's reasonable to allow everybody
> to start a virtio device.
>
> Thanks,
> Jianfeng
>
> >
> > > +
> > > return sockfd;
> > >
> > > err:
> > > --
> > > 2.1.4
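
Review bot: the result of chmod() is only acted on when it is 0, so a failed call is neither logged nor routed to the err: label, and execution falls through to "return sockfd;" with the socket mode in an unknown state. Log the failure with its errno and jump to err instead. The hard-coded 0666 on un.sun_path also gives every local user read and write access to the listening socket; take the mode (or an owner/group) from the caller, or leave the permission change to the application that starts the switch.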