On 2025/1/3 10:51, Ming 1. Yang (NSB) wrote:
>
>
> On 2024/12/14 01:16, Bruce Richardson wrote:
>> On Fri, Dec 13, 2024 at 09:12:39AM -0800, Stephen Hemminger wrote:
>>> On Fri, 13 Dec 2024 17:24:42 +0800
>>> Yang Ming wrote:
>>>
>>>> 1. /var/tmp is hard code which is not a good style
>>>> 2. /var/tmp may be not allowed to be written via container's
>>>> read only mode.
>>>>
>>>> Signed-off-by: Yang Ming
>>> Since this is a unix domain socket, why not use abstract socket
>>> that doesn't have to be associated with filesystem?
>> In general, I think we should avoid abstract sockets in DPDK. Primary
>> reason is that they are linux-specific. Last time I checked other unixes,
>> like BSD, don't support them. A secondary concern is that having a
>> filesystem path allows permission checks, so for e.g. telemetry sockets,
>> only users with appropriate permissions can connect. With an abstract socket
>> we'd have to open up the area of user authentication.
>>
>> /Bruce
>>
> Hi Stephen & Bruce,
>
> I'm not sure whether abstract socket is a good idea. Maybe it can be improved further or step by step. But we don't need to discuss it for this commit.
> We do this improvement because "/var/tmp" and "/var/log" can't be written in Readonly mode of container except that we add /var/ specific for DPDK application in container's setting. But nearly all DPDK modules have already used common runtime path returned from `rte_eal_get_runtime_dir()`. Why not we apply this common path for Mellanox NIC?
>
>

Hi Stephen,

I'm not entirely sure whether using an abstract socket is the best approach. It might be possible to improve it further or incrementally. However, we don't need to discuss this for the current commit.

We made this improvement because the directories "/var/tmp" and "/var/log" cannot be written to in a container with read-only mode, unless we specifically configure the /var/ directory for the DPDK application in the container's settings. Nearly all DPDK modules already use the common runtime path returned by rte_eal_get_runtime_dir(). Therefore, it makes sense to apply this common path for the Mellanox NIC as well.

Actually, the objective of this patch series is to prevent the DPDK Mellanox driver from crashing when attempting to access the read-only directories "/var/" in a container.

Brs,
Yang Ming
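
The following is an added example, not code from this thread or from DPDK. It sketches in C the two points discussed above: a Unix socket path built under a runtime directory rather than a hard-coded /var/tmp, with filesystem permissions gating who can connect, and errors returned to the caller instead of crashing on a read-only filesystem. `bind_runtime_socket` and the sample paths are hypothetical; the `runtime_dir` argument stands in for the value returned by `rte_eal_get_runtime_dir()`.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper (not DPDK code). runtime_dir stands in for the value of
 * rte_eal_get_runtime_dir(). Returns a listening fd, or -errno so the caller
 * can carry on without the socket instead of crashing. */
int bind_runtime_socket(const char *runtime_dir, const char *name)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    struct stat st;
    int fd, n, err;

    /* Owner-only directory: path permissions then decide who can connect(). */
    if (mkdir(runtime_dir, 0700) < 0 && errno != EEXIST)
        return -errno;          /* e.g. EROFS on a read-only container fs */
    if (stat(runtime_dir, &st) < 0)
        return -errno;
    /* Refuse a directory we do not own or that group/other can write to. */
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid() || (st.st_mode & 022))
        return -EACCES;
    n = snprintf(sa.sun_path, sizeof(sa.sun_path), "%s/%s", runtime_dir, name);
    if (n < 0 || (size_t)n >= sizeof(sa.sun_path))
        return -ENAMETOOLONG;   /* never bind to a silently truncated path */
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    unlink(sa.sun_path);        /* drop a stale socket from an earlier run */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        chmod(sa.sun_path, 0600) < 0 || listen(fd, 1) < 0) {
        err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

int main(void)
{
    /* Constructed sample path; a real caller would pass its runtime dir. */
    int fd = bind_runtime_socket("/tmp/dpdk_rt_example", "mlx5_example.sock");
    if (fd < 0)
        fprintf(stderr, "socket unavailable (errno %d), continuing\n", -fd);
    return 0;
}
```

The same call works on BSD as well as Linux because it relies only on a filesystem path; an abstract socket would have neither the directory check nor the mode bits to enforce.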