Almost always when you used nbdkit --run you should also use -U - (to
use a private Unix domain socket). Otherwise nbdkit listened on TCP
port 10809, which had two bad side effects: It permitted other
processes to interfere with your --run command, and it reserved a
public TCP port which would stop two instances of nbdkit running at
the same time. This was a frequent cause of bugs in test cases.
Switch the default so now --run implies -U -
You can still get the old behaviour by using --port explicitly, but
that is almost certainly a bad idea. (Using --run and --vsock works
the same way as before too. It is also usually a bad idea, although
we use it in one test.)
---
docs/nbdkit-captive.pod | 7 -------
docs/nbdkit.pod | 9 ++++++++-
server/main.c | 9 +++++++++
3 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/docs/nbdkit-captive.pod b/docs/nbdkit-captive.pod
index 34a1d0922..248f9df28 100644
--- a/docs/nbdkit-captive.pod
+++ b/docs/nbdkit-captive.pod
@@ -98,13 +98,6 @@ I<--run> implies I<--foreground>. It is not possible, and
probably
not desirable, to have nbdkit fork into the background when using
I<--run>.
-Even when running captive, nbdkit still listens on the regular TCP/IP
-port, unless you specify the I<-p>/I<-U> options. If you want a truly
-private captive nbdkit, then you should create a private random
-Unix socket, like this:
-
- nbdkit -U - plugin [args] --run '...'
-
=head2 Copying data in and out of plugins with captive nbdkit
Captive nbdkit + L<qemu-img(1)> can be used to copy data into and out
diff --git a/docs/nbdkit.pod b/docs/nbdkit.pod
index 634c97e3a..f62796886 100644
--- a/docs/nbdkit.pod
+++ b/docs/nbdkit.pod
@@ -382,6 +382,12 @@ like Debian this might not be a full-featured shell.
This option implies I<--foreground>.
+In nbdkit E<le> 1.34 you normally had to add I<-U ->, otherwise nbdkit
+would use a TCP/IP port which was normally not what you wanted. In
+nbdkit E<ge> 1.36, using I<--run> implies I<-U ->. If you want the
+old behaviour of nbdkit then you must add the I<--port> option
+explicitly.
+
=item B<--selinux-label=>SOCKET-LABEL
Apply the SELinux label C<SOCKET-LABEL> to the nbdkit listening
@@ -481,7 +487,8 @@ should delete the socket file after use (else if you try to
start
nbdkit up again you will get an C<Address already in use> error).
If the socket name is I<-> then nbdkit generates a randomly named
-private socket. This is useful with L<nbdkit-captive(1)/CAPTIVE NBDKIT>.
+private socket. This is implied by the I<--run> option. See also
+L<nbdkit-captive(1)/CAPTIVE NBDKIT>.
=item B<-u> USER
diff --git a/server/main.c b/server/main.c
index 0c9019d94..978a720cf 100644
--- a/server/main.c
+++ b/server/main.c
@@ -621,6 +621,15 @@ main (int argc, char *argv[])
exit (EXIT_FAILURE);
}
+ /* Since nbdkit 1.36, --run implies -U -, unless --vsock or --port
+ * was set explicitly.
+ */
+ if (run && !unixsocket && !port && !vsock) {
+ unixsocket = make_random_fifo ();
+ if (!unixsocket)
+ exit (EXIT_FAILURE);
+ }
+
/* By the point we have enough information to calculate the service mode. */
if (socket_activation)
service_mode = SERVICE_MODE_SOCKET_ACTIVATION;
--
2.41.0
_______________________________________________
Libguestfs mailing list
Libguestfs@redhat.com
https://listman.redhat.com/mailman/listinfo/libguestfs
