From 8545c612beba2e3bc8b89664ef74c9ee9e22b8e6 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Fri, 14 Jul 2023 15:22:10 +0200 Subject: [PATCH] docs: clarify sockdir's separation There's another reason for separating sockdir from tmpdir, beyond "shorter pathnames needed": permissions. For example, passt drops privileges such that it cannot access "/tmp", and that restricts both the unix domain socket and the PID file of passt. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2184967 Signed-off-by: Laszlo Ersek Reviewed-by: Richard W.M. Jones Message-Id: <20230714132213.96616-5-lersek@redhat.com> (cherry picked from commit 21ccddecf7dd51b24bb2b71dbc8beb1a8dd01923) --- fish/guestfish.pod | 4 ++-- generator/actions_properties.ml | 8 ++++++-- lib/guestfs.pod | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/fish/guestfish.pod b/fish/guestfish.pod index d36cac9d..33fc8b2c 100644 --- a/fish/guestfish.pod +++ b/fish/guestfish.pod @@ -1492,8 +1492,8 @@ See L, L. This directory represents a user-specific directory for storing non-essential runtime files. -If it is set, then is used to store temporary sockets. Otherwise, -F is used. +If it is set, then is used to store temporary sockets and PID files. +Otherwise, F is used. See also L, L. diff --git a/generator/actions_properties.ml b/generator/actions_properties.ml index f84afb10..42eaaa4d 100644 --- a/generator/actions_properties.ml +++ b/generator/actions_properties.ml @@ -595,13 +595,17 @@ Get the handle identifier. See C." }; name = "get_sockdir"; added = (1, 33, 8); style = RString (RPlainString, "sockdir"), [], []; blocking = false; - shortdesc = "get the temporary directory for sockets"; + shortdesc = "get the temporary directory for sockets and PID files"; longdesc = "\ -Get the directory used by the handle to store temporary socket files. +Get the directory used by the handle to store temporary socket and PID +files. This is different from C, as we need shorter paths for sockets (due to the limited buffers of filenames for UNIX sockets), and C may be too long for them. +Furthermore, sockets and PID files must be accessible to such background +services started by libguestfs that may not have permission to access +the temporary directory returned by C. The environment variable C controls the default value: If C is set, then that is the default. diff --git a/lib/guestfs.pod b/lib/guestfs.pod index 5db6dd91..dff32cc9 100644 --- a/lib/guestfs.pod +++ b/lib/guestfs.pod @@ -3120,8 +3120,8 @@ See L, L. This directory represents a user-specific directory for storing non-essential runtime files. -If it is set, then is used to store temporary sockets. Otherwise, -F is used. +If it is set, then is used to store temporary sockets and PID files. +Otherwise, F is used. See also L, L.