From: "Tan, Jianfeng"
To: Yuanhan Liu
Cc: "nakajima.yoshihiro@lab.ntt.co.jp", "zhbzg@huawei.com", "mst@redhat.com", "dev@dpdk.org", "oscar.zhangbo@huawei.com", "gaoxiaoqiu@huawei.com", "ann.zhuangyanying@huawei.com", "zhoujingbin@huawei.com", "guohongzhen@huawei.com"
Subject: Re: [RFC 5/5] vhost/container: change mode of vhost listening socket
Date: Mon, 9 Nov 2015 05:46:32 +0000

> -----Original Message-----
> From: Yuanhan Liu [mailto:yuanhan.liu@linux.intel.com]
> Sent: Monday, November 9, 2015 1:41 PM
> To: Tan, Jianfeng
> Cc: dev@dpdk.org; nakajima.yoshihiro@lab.ntt.co.jp; zhbzg@huawei.com;
> mst@redhat.com; gaoxiaoqiu@huawei.com; oscar.zhangbo@huawei.com;
> ann.zhuangyanying@huawei.com; zhoujingbin@huawei.com;
> guohongzhen@huawei.com
> Subject: Re: [dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost
> listening socket
>
> On Mon, Nov 09, 2015 at 05:15:23AM +0000, Tan, Jianfeng wrote:
> ...
> > > >
> > > > + ret =3D chmod(un.sun_path, 0666);
> > > > + if (ret =3D=3D 0)
> > > > + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n");
> > >
> > > That doesn't seem right to me. Doing that kind of change in a
> > > library doesn't seem to be a good practice, not to mention
> > > changing it to "0666" blindly, which allows everybody to access it.
> > >
> > > --yliu
> >
> > Hi Yuanhan,
> >
> > The original intention for this change is for the use case: use "root"
> > to start ovs-dpdk (or any other switch application), but use other
> > users to run some containers. Without this change, other users cannot
> > connect to vhost listening socket.
>
> I know your concern, do it with some user space utils (like chmod) then, but
> not in a library.
>
> BTW, "chown", limiting it to a specific user, or "chmod g+rw", limiting it to a
> specific group, is more appropriate here.
>
> --yliu

Got your point. Will consider reverting this change in the next version.

Thanks!
Jianfeng

> >
> > This change is not necessary if using root to start a container. It's
> > indeed a question worth discussion: whether it's reasonable to allow
> > everybody to start a virtio device.
> >
> > Thanks,
> > Jianfeng
> >
> > >
> > > > +
> > > > return sockfd;
> > > >
> > > > err:
> > > > --
> > > > 2.1.4
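
Review bot: The chmod(un.sun_path, 0666) call added in the quoted hunk opens the vhost listening socket to every local user, unconditionally and from inside the library, and the "if (ret == 0)" branch only logs success, so a failed chmod goes unreported and the socket silently keeps its default mode. Suggest dropping the chmod from the library and leaving ownership and mode to the application or operator (chown to a specific user, or a group with g+rw, as raised in the thread); if a mode change stays, take the mode from the caller instead of hard-coding 0666 and log the failure path as well.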
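
The alternative raised in the thread (grant access to one group instead of everybody, and do it outside the library), as an added example that is not part of this thread or of DPDK. The helper names listen_unix_group_only and socket_mode are hypothetical, and the caller is assumed to own the socket directory and to be allowed to assign the given group.

```c
#define _POSIX_C_SOURCE 200809L
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical application-side helper (not a DPDK API): listening AF_UNIX
 * socket reachable only by its owner and members of `gid`. Returns fd or -1. */
int listen_unix_group_only(const char *path, gid_t gid)
{
	struct sockaddr_un un;
	mode_t old_mask;
	int fd, ret;

	if (strlen(path) >= sizeof(un.sun_path))
		return -1;
	memset(&un, 0, sizeof(un));
	un.sun_family = AF_UNIX;
	strcpy(un.sun_path, path); /* fits: length checked above */
	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	if (fd < 0)
		return -1;
	/* Create the node as 0600 so there is no window in which other users
	 * can connect. umask() is process-wide: call this before starting threads. */
	old_mask = umask(0177);
	ret = bind(fd, (struct sockaddr *)&un, sizeof(un));
	umask(old_mask);
	if (ret < 0)
		goto err;
	/* Assign the group first, then open the node to it ("chmod g+rw"). */
	if (chown(path, (uid_t)-1, gid) < 0 || chmod(path, 0660) < 0 ||
	    listen(fd, 1) < 0) {
		unlink(path);
		goto err;
	}
	return fd;
err:
	close(fd);
	return -1;
}

/* Permission bits of the socket node at `path`, or -1 if it is not a socket. */
int socket_mode(const char *path)
{
	struct stat st;
	if (stat(path, &st) < 0 || !S_ISSOCK(st.st_mode))
		return -1;
	return (int)(st.st_mode & 0777);
}
```

Users who run the containers are then added to that group, and every other local user is refused at connect() because they lack write permission on the socket node.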