From: Russell Coker <russell@coker.com.au>
To: selinux@tycho.nsa.gov
Subject: Re: [PATCH v2] libsemanage: remove lock files
Date: Wed, 26 Apr 2017 10:31:34 +1000 [thread overview]
Message-ID: <201704261031.34910.russell@coker.com.au> (raw)
In-Reply-To: <1493150773.12050.2.camel@trentalancia.net>
On Wed, 26 Apr 2017 06:06:13 AM Guido Trentalancia wrote:
> > Pidfile locking also never works across network filesystems as pids
> > are local to
> > a system. You could have some combination of pid and hostname (as
> > done by
> > some web browsers) but that gets ugly.
>
> No, I didn't mean the complicate circumstance of NFS shared amongst
> multiple systems.
>
> I only meant the simpler (and most common) situation where the NFS is
> mounted for only one system, therefore PIDs are unique and there is no
> need to include the hostname.
flock(2) seems to indicate that locks always worked locally on NFS filesystems
and thus would always have worked in that case.
Please do some testing and prove that the problem occurs on NFS-root systems.
> > Really pidfiles are so horrible that one of the noteworthy features
> > of systemd
> > is removing the need for them.
>
> I am not that pessimistic about locking with aid of PIDs.
>
> To be honest, the current situation has more drawbacks in my opinion.
>
> In particular, I don't like the fact that it leaves unused lock files
> around the filesystem.
Everything else that uses lock files does that.
> > Having multiple systems operate with NFS root and a shared
> > /etc/selinux is
> > never going to work well. Even if everything works well (and it
> > probably
> > won't) you will end up with systems that have the policy in
> > /etc/selinux not
> > matching what is running.
>
> Please forget sharing NFS. I meant dedicated NFS.
>
> Anyway, I have created a new version of the patch that should probably
> improve the previous race condition.
>
> If you have a way of testing a dedicated store over NFS, then I'd like
> to hear back from you the result of such testing !
>
> But, if you are not interested in testing it, then never mind...
I think that when someone wants to change behavior that is the same as used in
many programs they should demonstrate that it has a problem.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
prev parent reply other threads:[~2017-04-26 0:31 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-20 14:38 [PATCH] libsemanage: remove lock files Guido Trentalancia
2017-04-20 15:44 ` Stephen Smalley
2017-04-20 15:45 ` Guido Trentalancia
2017-04-20 15:56 ` Stephen Smalley
2017-04-20 15:56 ` Guido Trentalancia
2017-04-20 16:08 ` Stephen Smalley
2017-04-20 16:09 ` Guido Trentalancia
2017-04-24 12:06 ` Alan Jenkins
2017-04-24 12:08 ` Alan Jenkins
2017-04-24 17:51 ` Guido Trentalancia
2017-04-24 18:38 ` Guido Trentalancia
2017-04-25 6:30 ` Russell Coker
2017-04-25 20:06 ` [PATCH v2] " Guido Trentalancia
2017-04-25 20:35 ` [PATCH v3] " Guido Trentalancia
2017-04-26 12:03 ` Jason Zaman
2017-04-26 12:56 ` Stephen Smalley
2017-04-26 18:13 ` Guido Trentalancia
2017-04-26 18:25 ` Stephen Smalley
2017-04-26 0:31 ` Russell Coker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201704261031.34910.russell@coker.com.au \
--to=russell@coker.com.au \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.