Date: Thu, 25 Aug 2005 10:09:40 -0700 From: Brooks Davis <brooks@one-eyed-alien.net> To: Robert Watson <rwatson@FreeBSD.org> Cc: John-Mark Gurney <gurney_j@resnet.uoregon.edu>, src-committers@FreeBSD.org, Pawel Jakub Dawidek <pjd@FreeBSD.org>, Brooks Davis <brooks@one-eyed-alien.net>, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libutil Makefile libutil.h pidfile.3 pidfile.c Message-ID: <20050825170940.GC29549@odin.ac.hmc.edu> In-Reply-To: <20050825180050.F16967@fledge.watson.org> References: <200508241721.j7OHLcNP061118@repoman.freebsd.org> <20050825060448.Q11335@fledge.watson.org> <20050825154354.GE30465@funkthat.com> <20050825171046.X72462@fledge.watson.org> <20050825165501.GB29549@odin.ac.hmc.edu> <20050825180050.F16967@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Thu, Aug 25, 2005 at 06:02:40PM +0100, Robert Watson wrote: > > On Thu, 25 Aug 2005, Brooks Davis wrote: > > >This is probably a good idea for system daemons, but I'm not sure > >there's much point in encouraging it for ports. > > I think we'll find that more and more third party applications do know how > to do this as a result of tight integration of selinux into upcoming Linux > releases. By placing pid files in separate directories, you avoid needing > to grant fairly broad rights on the directory itself. While you can > pre-create pidfiles, other things like sockets generally can't be > precreated in trivial ways without granting large amounts of privilege to > the daemon when it starts running. That makes sense. If we're going to do this, we may want to look at a way for ports to register their need for such directories so they can be created by a process with appropriate privlege. Perhaps, a /usr/local/etc/mtree/var.d/ or something. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDDftUXY6L6fI4GtQRAgFHAJ9kUUYSKyxsdtQbqDaeAFjO2TCgkwCeOWRC PyUTLX+wG9yX08PXwhRsRqM= =ajlt -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050825170940.GC29549>