From: "Tan, Jianfeng"
To: Yuanhan Liu
Cc: nakajima.yoshihiro@lab.ntt.co.jp, zhbzg@huawei.com, mst@redhat.com, dev@dpdk.org, oscar.zhangbo@huawei.com, gaoxiaoqiu@huawei.com, ann.zhuangyanying@huawei.com, zhoujingbin@huawei.com, guohongzhen@huawei.com
Date: Mon, 9 Nov 2015 05:46:32 +0000
Subject: Re: [dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost listening socket

> -----Original Message-----
> From: Yuanhan Liu [mailto:yuanhan.liu@linux.intel.com]
> Sent: Monday, November 9, 2015 1:41 PM
> To: Tan, Jianfeng
> Cc: dev@dpdk.org; nakajima.yoshihiro@lab.ntt.co.jp; zhbzg@huawei.com;
> mst@redhat.com; gaoxiaoqiu@huawei.com; oscar.zhangbo@huawei.com;
> ann.zhuangyanying@huawei.com; zhoujingbin@huawei.com;
> guohongzhen@huawei.com
> Subject: Re: [dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost
> listening socket
>
> On Mon, Nov 09, 2015 at 05:15:23AM +0000, Tan, Jianfeng wrote:
> ...
> > > >
> > > > + ret =3D chmod(un.sun_path, 0666);
> > > > + if (ret =3D=3D 0)
> > > > + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n");
> > >
> > > That doesn't seem right to me. Doing that kind of change in a
> > > library doesn't seem to be a good practice, don't even to say
> > > changing it to "0666" blindly, which allows everybody to access it.
> > >
> > > --yliu
> >
> > Hi Yuanhan,
> >
> > The original intention for this change is for the use case: use "root"
> > to start ovs-dpdk (or any other switch application), but use other
> > users to run some containers. Not with this change, other users cannot
> > connect to vhost listening socket.
>
> I know your concern, do it with some user space utils (like chmod) then, but
> not in a library.
>
> BTW, "chown", limiting it to a specific user, or "chmod g+rw", limiting it to a
> specific group, is more appropriate here.
>
> --yliu

Got your point. Consider to revert this change in next version. Thanks!

Jianfeng

> >
> > This change is not necessary if using root to start a container. It's
> > indeed a question worth discussion: whether it's reasonable to allow
> > everybody to start a virtio device.
> >
> > Thanks,
> > Jianfeng
> >
> > >
> > > > +
> > > > return sockfd;
> > > >
> > > > err:
> > > > --
> > > > 2.1.4
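
Review bot: the added chmod(un.sun_path, 0666) opens the vhost listening socket to every local user, and its failure path is silent: only ret == 0 is logged, so a failed chmod still falls through to "return sockfd;" with no message. Suggest dropping the mode change from the library and leaving ownership and permissions to whoever deploys the socket (or taking a mode or group from the caller); if a chmod stays, log the error case and decide explicitly whether it should fail the call.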