On Thu, Apr 30, 2020 at 09:09:02AM -0700, Stephen Hemminger wrote:
> On Thu, 30 Apr 2020 10:14:57 +0100
> "Burakov, Anatoly" <anatoly.bura...@intel.com> wrote:
> 
> > On 30-Apr-20 5:14 AM, 陈亚辉-云杉研发部 wrote:
> > > Deleting xdg_runtime_dir and fallback, runtime_dir will always be 
> > > "/var/run" defined by code:
> > > static const char *default_runtime_dir = "/var/run"
> > >   
> > 
> > I'm not sure this is a good solution. Generally, IMO, having separate 
> > directories for DPDK processes for different users is a good thing. 
> > > Also, XDG directory exists for a reason, and I think on some distros 
> > /var/run is not even there any more (or symlinked to /run, or...).
> > 
> > > So, I don't think this is the way to go. David, thoughts?
> > 
> 
> The unix-domain sockets should be using the abstract socket
> naming which would solve a bunch of problems like removing on program
> crash, SELinux, and container namespaces.
> 
> See unix(7) for more information.

I disagree, I think using sockets on the filesystem is still the way to go.
Yes, with abstract sockets they disappear automatically, but on the other
hand they have the following issues:

* they are non-portable and available only on Linux

* they can't be protected easily just using the filesystem permissions -
  any unix sockets we create in the DPDK runtime directory are only
  accessible by current user and root. For many cases in DPDK, we don't
  want arbitrary users or programs able to connect to DPDK.

/Bruce
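
The filesystem-permission point in the message above, as an added example that is not part of the thread and is not DPDK code: a listener refuses to bind its unix socket unless the runtime directory is owned by the current user and has no group/other access. The directory path, socket name and function names are hypothetical.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Returns 1 if dir is a real directory (not a symlink) owned by us, mode 0700 or tighter. */
int dir_is_private(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return st.st_uid == geteuid() && (st.st_mode & 077) == 0;
}

/* Binds a listening socket at dir/name; refuses if dir is not private. Returns fd or -1. */
int bind_private_socket(const char *dir, const char *name)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    int n, fd = -1;
    if (!dir_is_private(dir))
        return -1;
    n = snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof(addr.sun_path) || (fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;                       /* truncated path or no socket */
    unlink(addr.sun_path);               /* stale socket left by a crashed process */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0 || listen(fd, 1) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: a temp directory set to the given mode; returns 1 if the bind was allowed. */
int demo(int mode)
{
    char dir[] = "/tmp/rt_demo_XXXXXX";  /* hypothetical path, not DPDK's runtime dir */
    char path[64];
    int fd;
    if (!mkdtemp(dir) || chmod(dir, mode) != 0)
        return -2;
    fd = bind_private_socket(dir, "demo.sock");
    snprintf(path, sizeof(path), "%s/demo.sock", dir);
    if (fd >= 0) close(fd);
    unlink(path); rmdir(dir);            /* clean up the demo artifacts */
    return fd >= 0;
}
```

With a 0700 directory, connecting to the socket requires search permission on the directory, which only the owner and root have.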
