DPDK patches and discussions
From: Bruce Richardson <bruce.richardson@intel.com>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: "Burakov, Anatoly" <anatoly.burakov@intel.com>,
	陈亚辉-云杉研发部 <goodluckwillcomesoon@gmail.com>,
	dev@dpdk.org, jiping@yunshan.net, xiangyang@yunshan.net,
	"David Marchand" <david.marchand@redhat.com>
Subject: Re: [dpdk-dev] eal: can not run secondary process on openstack environment
Date: Thu, 30 Apr 2020 17:36:07 +0100
Message-ID: <20200430163607.GA1997@bricha3-MOBL.ger.corp.intel.com>
In-Reply-To: <20200430090902.0add5a96@hermes.lan>

On Thu, Apr 30, 2020 at 09:09:02AM -0700, Stephen Hemminger wrote:
> On Thu, 30 Apr 2020 10:14:57 +0100
> "Burakov, Anatoly" <anatoly.burakov@intel.com> wrote:
> 
> > On 30-Apr-20 5:14 AM, 陈亚辉-云杉研发部 wrote:
> > > Deleting xdg_runtime_dir and fallback, runtime_dir will always be 
> > > "/var/run" defined by code:
> > > static const char *default_runtime_dir = "/var/run"
> > >   
> > 
> > I'm not sure this is a good solution. Generally, IMO, having separate 
> > directories for DPDK processes for different users is a good thing. 
> > Also, XDG directory exists for a reason, and I think on some distros 
> > /var/run is not even there any more (or symlinked to /run, or...).
> > 
> > So, I don't think this is the way to go. David, thoughts?
> > 
> 
> The unix-domain sockets should be using the abstract socket
> naming which would solve a bunch of problems like removing on program
> crash, SELinux, and container namespaces.
> 
> See unix(7) for more information.

I disagree, I think using sockets on the filesystem is still the way to go.
Yes, with abstract sockets they disappear automatically, but on the other
hand they have the following issues:

* they are non-portable and available only on Linux

* they can't be protected easily just using the filesystem permissions -
  any unix sockets we create in the DPDK runtime directory are only
  accessible by current user and root. For many cases in DPDK, we don't
  want arbitrary users or programs able to connect to DPDK.

/Bruce
