On Wed, Jul 16, 2014 at 08:30:02PM +0200, Martin Kletzander wrote:
> - retry:
> - if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) {
> - if ((errno == ECONNREFUSED ||
> - errno == ENOENT) &&
> - spawnDaemon && retries < 20) {
> - VIR_DEBUG("Connection refused for %s, trying to spawn %s",
> - path, binary);
> - if (retries == 0 &&
> - virNetSocketForkDaemon(binary) < 0)
> - goto error;
> + if (spawnDaemon) {
> + if ((passfd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
> + virReportSystemError(errno, "%s", _("Failed to create socket"));
> + goto error;
> + }
>
> - retries++;
> - usleep(1000 * 100 * retries);
> - goto retry;
> + /*
> + * We cannot do the umask() trick here because that's not
> + * thread-safe. fchmod(), however, is not guaranteed to work on
> + * some BSD favours, but *should* work on Linux before the socket
> + * is bound. POSIX says the behaviour of fchmod() called on
> + * socket is unspecified, though.
> + */
IIUC, the entire concept of UNIX domain socket permissions is entirely
unspecified not just fchmod().
We could however use umask() here if you use a virFork() to start a
single threaded process. Set umask, create the socket, and then exit,
allowing the parent to continue.
> + if (fchmod(passfd, 0700) < 0) {
> + virReportSystemError(errno, "%s",
> + _("Failed to change permissions on socket"));
> + goto error;
> }
>
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list