Message ID | 1446748276-132087-6-git-send-email-jianfeng.tan@intel.com (mailing list archive) |
---|---|
State | RFC, archived |
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id 8DE118DAA; Fri, 6 Nov 2015 02:31:46 +0100 (CET) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id 1C7058DA9 for <dev@dpdk.org>; Fri, 6 Nov 2015 02:31:44 +0100 (CET) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga101.jf.intel.com with ESMTP; 05 Nov 2015 17:31:45 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.20,249,1444719600"; d="scan'208";a="812931273" Received: from tan-s2600cw.sh.intel.com ([10.239.128.225]) by orsmga001.jf.intel.com with ESMTP; 05 Nov 2015 17:31:42 -0800 From: Jianfeng Tan <jianfeng.tan@intel.com> To: dev@dpdk.org Date: Fri, 6 Nov 2015 02:31:16 +0800 Message-Id: <1446748276-132087-6-git-send-email-jianfeng.tan@intel.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1446748276-132087-1-git-send-email-jianfeng.tan@intel.com> References: <1446748276-132087-1-git-send-email-jianfeng.tan@intel.com> Cc: nakajima.yoshihiro@lab.ntt.co.jp, zhbzg@huawei.com, mst@redhat.com, gaoxiaoqiu@huawei.com, oscar.zhangbo@huawei.com, ann.zhuangyanying@huawei.com, zhoujingbin@huawei.com, guohongzhen@huawei.com Subject: [dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost listening socket X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Commit Message
Jianfeng Tan
Nov. 5, 2015, 6:31 p.m. UTC
Change vhost listening socket mode so that users in groups and others can connect to vhost listening socket. Signed-off-by: Huawei Xie <huawei.xie@intel.com> Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com> --- lib/librte_vhost/vhost_user/vhost-net-user.c | 5 +++++ 1 file changed, 5 insertions(+)
Comments
On Fri, Nov 06, 2015 at 02:31:16AM +0800, Jianfeng Tan wrote: > Change vhost listening socket mode so that users in groups and > others can connect to vhost listening socket. > > Signed-off-by: Huawei Xie <huawei.xie@intel.com> > Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com> > --- > lib/librte_vhost/vhost_user/vhost-net-user.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/lib/librte_vhost/vhost_user/vhost-net-user.c b/lib/librte_vhost/vhost_user/vhost-net-user.c > index 2dc0547..7b24f7c 100644 > --- a/lib/librte_vhost/vhost_user/vhost-net-user.c > +++ b/lib/librte_vhost/vhost_user/vhost-net-user.c > @@ -42,6 +42,7 @@ > #include <sys/un.h> > #include <errno.h> > #include <pthread.h> > +#include <sys/stat.h> > > #include <rte_log.h> > #include <rte_virtio_net.h> > @@ -137,6 +138,10 @@ uds_socket(const char *path) > if (ret == -1) > goto err; > > + ret = chmod(un.sun_path, 0666); > + if (ret == 0) > + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n"); That doesn't seem right to me. Doing that kind of change in a libraray doesn't seem to be a good practice, don't even to say changing it to "0666" blindly, which allows every body to access it. --yliu > + > return sockfd; > > err: > -- > 2.1.4
> -----Original Message----- > From: Yuanhan Liu [mailto:yuanhan.liu@linux.intel.com] > Sent: Monday, November 9, 2015 11:55 AM > To: Tan, Jianfeng > Cc: dev@dpdk.org; nakajima.yoshihiro@lab.ntt.co.jp; zhbzg@huawei.com; > mst@redhat.com; gaoxiaoqiu@huawei.com; oscar.zhangbo@huawei.com; > ann.zhuangyanying@huawei.com; zhoujingbin@huawei.com; > guohongzhen@huawei.com > Subject: Re: [dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost > listening socket > > On Fri, Nov 06, 2015 at 02:31:16AM +0800, Jianfeng Tan wrote: > > Change vhost listening socket mode so that users in groups and others > > can connect to vhost listening socket. > > > > Signed-off-by: Huawei Xie <huawei.xie@intel.com> > > Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com> > > --- > > lib/librte_vhost/vhost_user/vhost-net-user.c | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/lib/librte_vhost/vhost_user/vhost-net-user.c > > b/lib/librte_vhost/vhost_user/vhost-net-user.c > > index 2dc0547..7b24f7c 100644 > > --- a/lib/librte_vhost/vhost_user/vhost-net-user.c > > +++ b/lib/librte_vhost/vhost_user/vhost-net-user.c > > @@ -42,6 +42,7 @@ > > #include <sys/un.h> > > #include <errno.h> > > #include <pthread.h> > > +#include <sys/stat.h> > > > > #include <rte_log.h> > > #include <rte_virtio_net.h> > > @@ -137,6 +138,10 @@ uds_socket(const char *path) > > if (ret == -1) > > goto err; > > > > + ret = chmod(un.sun_path, 0666); > > + if (ret == 0) > > + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n"); > > That doesn't seem right to me. Doing that kind of change in a libraray doesn't > seem to be a good practice, don't even to say changing it to "0666" blindly, > which allows every body to access it. > > --yliu Hi Yuanhan, The original intention for this change is for the use case: use "root" to start ovs-dpdk (or any other switch application), but use other users to run some containers. Not with this change, other users cannot connect to vhost listening socket. This change is not necessary if using root to start a container. It's indeed a question worth discussion: whether it's reasonable to allow everybody to start a virtio device. Thanks, Jianfeng > > > + > > return sockfd; > > > > err: > > -- > > 2.1.4
On Mon, Nov 09, 2015 at 05:15:23AM +0000, Tan, Jianfeng wrote: ... > > > > > > + ret = chmod(un.sun_path, 0666); > > > + if (ret == 0) > > > + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n"); > > > > That doesn't seem right to me. Doing that kind of change in a libraray doesn't > > seem to be a good practice, don't even to say changing it to "0666" blindly, > > which allows every body to access it. > > > > --yliu > > Hi Yuanhan, > > The original intention for this change is for the use case: use "root" to > start ovs-dpdk (or any other switch application), but use other users to > run some containers. Not with this change, other users cannot connect > to vhost listening socket. I know your concern, do it with some user space utils (like chmod) then, but not in a libraray. BTW, "chown", limiting it to a specific user, or "chmod g+rw", limiting it to a specific group, is more appropriate here. --yliu > > This change is not necessary if using root to start a container. It's indeed > a question worth discussion: whether it's reasonable to allow everybody > to start a virtio device. > > Thanks, > Jianfeng > > > > > > + > > > return sockfd; > > > > > > err: > > > -- > > > 2.1.4
> -----Original Message----- > From: Yuanhan Liu [mailto:yuanhan.liu@linux.intel.com] > Sent: Monday, November 9, 2015 1:41 PM > To: Tan, Jianfeng > Cc: dev@dpdk.org; nakajima.yoshihiro@lab.ntt.co.jp; zhbzg@huawei.com; > mst@redhat.com; gaoxiaoqiu@huawei.com; oscar.zhangbo@huawei.com; > ann.zhuangyanying@huawei.com; zhoujingbin@huawei.com; > guohongzhen@huawei.com > Subject: Re: [dpdk-dev] [RFC 5/5] vhost/container: change mode of vhost > listening socket > > On Mon, Nov 09, 2015 at 05:15:23AM +0000, Tan, Jianfeng wrote: > ... > > > > > > > > + ret = chmod(un.sun_path, 0666); > > > > + if (ret == 0) > > > > + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n"); > > > > > > That doesn't seem right to me. Doing that kind of change in a > > > libraray doesn't seem to be a good practice, don't even to say > > > changing it to "0666" blindly, which allows every body to access it. > > > > > > --yliu > > > > Hi Yuanhan, > > > > The original intention for this change is for the use case: use "root" > > to start ovs-dpdk (or any other switch application), but use other > > users to run some containers. Not with this change, other users cannot > > connect to vhost listening socket. > > I know your concern, do it with some user space utils (like chmod) then, but > not in a libraray. > > BTW, "chown", limiting it to a specific user, or "chmod g+rw", limiting it to a > specific group, is more appropriate here. > > --yliu Got your point. Consider to revert this change in next version. Thanks! Jianfeng > > > > This change is not necessary if using root to start a container. It's > > indeed a question worth discussion: whether it's reasonable to allow > > everybody to start a virtio device. > > > > Thanks, > > Jianfeng > > > > > > > > > + > > > > return sockfd; > > > > > > > > err: > > > > -- > > > > 2.1.4
diff --git a/lib/librte_vhost/vhost_user/vhost-net-user.c b/lib/librte_vhost/vhost_user/vhost-net-user.c index 2dc0547..7b24f7c 100644 --- a/lib/librte_vhost/vhost_user/vhost-net-user.c +++ b/lib/librte_vhost/vhost_user/vhost-net-user.c @@ -42,6 +42,7 @@ #include <sys/un.h> #include <errno.h> #include <pthread.h> +#include <sys/stat.h> #include <rte_log.h> #include <rte_virtio_net.h> @@ -137,6 +138,10 @@ uds_socket(const char *path) if (ret == -1) goto err; + ret = chmod(un.sun_path, 0666); + if (ret == 0) + RTE_LOG(INFO, VHOST_CONFIG, "chmod 0666, ok\n"); + return sockfd; err: