From: Yuanhan Liu
Subject: Re: [RFC 5/5] vhost/container: change mode of vhost listening socket
Date: Mon, 9 Nov 2015 13:40:58 +0800
Message-ID: <20151109054058.GL2326@yliu-dev.sh.intel.com>
To: "Tan, Jianfeng"
Cc: "nakajima.yoshihiro@lab.ntt.co.jp", "zhbzg@huawei.com", "mst@redhat.com", "dev@dpdk.org", "oscar.zhangbo@huawei.com", "gaoxiaoqiu@huawei.com", "ann.zhuangyanying@huawei.com", "zhoujingbin@huawei.com", "guohongzhen@huawei.com"

On Mon, Nov 09, 2015 at 05:15:23AM +0000, Tan, Jianfeng wrote:
...
> > >
> > > + ret = chmod(un.sun_path, 0666);
> > > + if (ret == 0)
> > > + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n");
> >
> > That doesn't seem right to me. Doing that kind of change in a library doesn't
> > seem to be a good practice, don't even to say changing it to "0666" blindly,
> > which allows everybody to access it.
> >
> > --yliu
>
> Hi Yuanhan,
>
> The original intention for this change is for the use case: use "root" to
> start ovs-dpdk (or any other switch application), but use other users to
> run some containers. Not with this change, other users cannot connect
> to vhost listening socket.

I know your concern, do it with some user space utils (like chmod) then,
but not in a library.

BTW, "chown", limiting it to a specific user, or "chmod g+rw", limiting it
to a specific group, is more appropriate here.

--yliu

>
> This change is not necessary if using root to start a container. It's indeed
> a question worth discussion: whether it's reasonable to allow everybody
> to start a virtio device.
>
> Thanks,
> Jianfeng
>
> > >
> > > +
> > > return sockfd;
> > >
> > > err:
> > > --
> > > 2.1.4
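
Review bot: The added chmod(un.sun_path, 0666) hard-codes a world-readable and world-writable mode on the listening socket, and only the success path is handled: when ret is non-zero nothing is logged and control still reaches "return sockfd", so the caller cannot tell that the mode was never applied. Prefer leaving ownership and mode to the application or operator (or taking them as a parameter) instead of fixing 0666 in the library. If the call stays, log the failure and take the existing "err:" path, and drop or demote the "chmod 0666, ok" INFO message.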
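
The reply's suggestion, granting access to one group from outside the library instead of 0666, sketched as an added example (not part of the original message and not DPDK code). The function names are hypothetical, the socket path and group are supplied by the operator, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: operator-side permission handling for a vhost listening
# socket. Function names are hypothetical; path and group come from the caller.

# sock_mode PATH: print the octal permission bits, e.g. 660 (GNU stat).
sock_mode() { stat -c '%a' "$1"; }

# world_accessible PATH: return 0 if any "other" bit (r, w or x) is set,
# 1 if none is set, 2 if the path cannot be inspected.
world_accessible() {
    mode=$(sock_mode "$1") || return 2
    case "$mode" in
        *0) return 1 ;;   # last octal digit 0: no access for "other"
        *)  return 0 ;;
    esac
}

# restrict_to_group PATH GROUP: hand the socket to GROUP with rw access and
# remove all access for "other" (the "chmod g+rw" approach from the reply).
restrict_to_group() {
    path=$1
    group=$2
    [ -e "$path" ] || { echo "no such path: $path" >&2; return 1; }
    chgrp "$group" "$path" || return 1
    chmod u=rw,g=rw,o= "$path" || return 1
    # Verify the result instead of assuming the calls had the intended effect.
    if world_accessible "$path"; then
        echo "still world-accessible: $path" >&2
        return 1
    fi
    [ "$(sock_mode "$path")" = "660" ]
}

# Typical use after the switch application has created its socket
# (path and group name below are placeholders):
#   restrict_to_group /path/to/vhost.sock containers
```

Users who run containers are then added to that group, and `world_accessible` can be run over existing sockets to find any that were left open to everyone.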