Re: [PATCH] SUNRPC: connect to UNIX sockets synchronously

From: Stanislav Kinsbursky
Date: Wed Dec 05 2012 - 02:48:57 EST

Next message: Michael Ellerman: "Re: ccache: FATAL: Could not create /scratch/kisskb/ccache"
Previous message: Takashi Iwai: "Re: [PATCH 2/3] MODSIGN: Avoid using .incbin in C source"
In reply to: Eric Paris: "Re: [PATCH] SUNRPC: connect to UNIX sockets synchronously"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

04.12.2012 18:20, Eric Paris ÐÐÑÐÑ:

On Tue, Dec 4, 2012 at 6:10 AM, Stanislav Kinsbursky
<skinsbursky@xxxxxxxxxxxxx> wrote:

But there should be noted, that such implementation introduces limitation
(Trond's quote):
"That approach can fall afoul of the selinux restrictions on the process
context. Processes that are allowed to write data, may not be allowed to
create sockets or call connect(). That is the main reason for doing it
in the rpciod context, which is a clean kernel process context."

So you tested this and Trond was wrong? This work just fine even on
an SELinux box? Or it does break tons and tons of people's computers?

-Eric

You can read discussion here:
https://patchwork.kernel.org/patch/1565111/

We use AF_LOCAL transports only for portmapper calls.
So, we decided (or at least I understood that so) to make such connections
from process context - i.e. synchronously.

--
Best regards,
Stanislav Kinsbursky
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael Ellerman: "Re: ccache: FATAL: Could not create /scratch/kisskb/ccache"
Previous message: Takashi Iwai: "Re: [PATCH 2/3] MODSIGN: Avoid using .incbin in C source"
In reply to: Eric Paris: "Re: [PATCH] SUNRPC: connect to UNIX sockets synchronously"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]