On Wed, Jul 16, 2014 at 08:30:02PM +0200, Martin Kletzander wrote:
- retry: - if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) { - if ((errno == ECONNREFUSED || - errno == ENOENT) && - spawnDaemon && retries < 20) { - VIR_DEBUG("Connection refused for %s, trying to spawn %s", - path, binary); - if (retries == 0 && - virNetSocketForkDaemon(binary) < 0) - goto error; + if (spawnDaemon) { + if ((passfd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) { + virReportSystemError(errno, "%s", _("Failed to create socket")); + goto error; + }
- retries++; - usleep(1000 * 100 * retries); - goto retry; + /* + * We cannot do the umask() trick here because that's not + * thread-safe. fchmod(), however, is not guaranteed to work on + * some BSD favours, but *should* work on Linux before the socket + * is bound. POSIX says the behaviour of fchmod() called on + * socket is unspecified, though. + */
IIUC, the entire concept of UNIX domain socket permissions is entirely unspecified not just fchmod(). We could however use umask() here if you use a virFork() to start a single threaded process. Set umask, create the socket, and then exit, allowing the parent to continue.
+ if (fchmod(passfd, 0700) < 0) { + virReportSystemError(errno, "%s", + _("Failed to change permissions on socket")); + goto error; }
Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|