Terry Wilson <[email protected]> writes:

> On Thu, Aug 16, 2018 at 4:57 PM, Ben Pfaff <[email protected]> wrote:
>> On Thu, Aug 16, 2018 at 07:55:09PM +0000, Terry Wilson wrote:
>>> Unix sockets were not being created with the permission 0770,
>>> instead using the current umask value. The manpage for fchmod()
>>> states that if filedes refers to a socket, the behavior is
>>> undefined. Instead, use the same code as *BSD to ensure the 0770
>>> permission is set on unix sockets.
>>>
>>> Signed-off-by: Terry Wilson <[email protected]>
>>
>> It's extraordinarily expensive to fork() to make a single system call.
>
> I agree it is ridiculously ugly, though it isn't like this is
> something that is done in a tight loop anywhere either.
>
>> As far as I can tell, the existing code actually works on Linux, in the
>> same way as the third 'mode' parameter to open(2).
>
> It doesn't (and never has) on my Centos 7 machine. I ran into this a
> couple of years ago and ended up just working around it. As an example
> after make rpm-fedora and installing:
> [centos@test x86_64]$ ls -al /var/run/openvswitch/db.sock
> srwxr-x---. 1 openvswitch openvswitch 0 Aug 16 22:09 db.sock
>
> So we've got 0750 and not 0770 like the hardcoded value in the source.
>
>> Surely there's a better way to do this.
>
> I *hope* so. I mean it certainly seems like something one would want
> to be able to do, but I remember looking for a couple of days 2 years
> ago and giving up. umask seemed like the only reliable option.
> Whatever the solution is, fchmod is *not* it since it is specifically
> undefined behavior to use it on a socket. I'll try with ubuntu and see
> what happens there, but wouldn't imagine it to be different.

So... Gather 'round folks, and let me tell you the tale of a series long
ago posted:

  https://mail.openvswitch.org/pipermail/ovs-dev/2016-August/321866.html

Something... something ... black magic...

I think the fchmod needs to happen after the bind for the permissions to
actually be changed. That's how the unit tests in that series are
coded.

> From man 3 fchmod:
> DESCRIPTION
> ...
> If fildes refers to a socket, the behavior of fchmod() is unspecified.
> ...

I think that's because some unixes don't even honor permissions on
sockets, and some don't allow any changing of those permissions.

> Terry
