> -----Original Message----- > From: Yuanhan Liu [mailto:yuanhan.liu at linux.intel.com] > Sent: Monday, November 9, 2015 1:41 PM > To: Tan, Jianfeng > Cc: dev at dpdk.org; nakajima.yoshihiro at lab.ntt.co.jp; zhbzg at huawei.com; > mst at redhat.com; gaoxiaoqiu at huawei.com; oscar.zhangbo at huawei.com; > ann.zhuangyanying at huawei.com; zhoujingbin at huawei.com; > guohongzhen at huawei.com > Subject: Re: [dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost > listening socket > > On Mon, Nov 09, 2015 at 05:15:23AM +0000, Tan, Jianfeng wrote: > ... > > > > > > > > + ret = chmod(un.sun_path, 0666); > > > > + if (ret == 0) > > > > + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n"); > > > > > > That doesn't seem right to me. Doing that kind of change in a > > > libraray doesn't seem to be a good practice, don't even to say > > > changing it to "0666" blindly, which allows every body to access it. > > > > > > --yliu > > > > Hi Yuanhan, > > > > The original intention for this change is for the use case: use "root" > > to start ovs-dpdk (or any other switch application), but use other > > users to run some containers. Not with this change, other users cannot > > connect to vhost listening socket. > > I know your concern, do it with some user space utils (like chmod) then, but > not in a libraray. > > BTW, "chown", limiting it to a specific user, or "chmod g+rw", limiting it to > a > specific group, is more appropriate here. > > --yliu
Got your point. Consider to revert this change in next version. Thanks! Jianfeng > > > > This change is not necessary if using root to start a container. It's > > indeed a question worth discussion: whether it's reasonable to allow > > everybody to start a virtio device. > > > > Thanks, > > Jianfeng > > > > > > > > > + > > > > return sockfd; > > > > > > > > err: > > > > -- > > > > 2.1.4
