[Libguestfs] [libguestfs PATCH v2 4/7] docs: clarify sockdir's separation

Laszlo Ersek lersek at redhat.com
Fri Jul 14 13:22:10 UTC 2023 

There's another reason for separating sockdir from tmpdir, beyond "shorter
pathnames needed": permissions. For example, passt drops privileges such
that it cannot access "/tmp", and that restricts both the unix domain
socket and the PID file of passt.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2184967
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
Reviewed-by: Richard W.M. Jones <rjones at redhat.com>
---

Notes:
    v2:
    
    - pick up Rich's R-b

 generator/actions_properties.ml | 8 ++++++--
 fish/guestfish.pod              | 4 ++--
 lib/guestfs.pod                 | 4 ++--
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/generator/actions_properties.ml b/generator/actions_properties.ml
index f84afb10d674..42eaaa4d81e1 100644
--- a/generator/actions_properties.ml
+++ b/generator/actions_properties.ml
@@ -595,13 +595,17 @@ Get the handle identifier.  See C<guestfs_set_identifier>." };
     name = "get_sockdir"; added = (1, 33, 8);
     style = RString (RPlainString, "sockdir"), [], [];
     blocking = false;
-    shortdesc = "get the temporary directory for sockets";
+    shortdesc = "get the temporary directory for sockets and PID files";
     longdesc = "\
-Get the directory used by the handle to store temporary socket files.
+Get the directory used by the handle to store temporary socket and PID
+files.
 
 This is different from C<guestfs_get_tmpdir>, as we need shorter
 paths for sockets (due to the limited buffers of filenames for UNIX
 sockets), and C<guestfs_get_tmpdir> may be too long for them.
+Furthermore, sockets and PID files must be accessible to such background
+services started by libguestfs that may not have permission to access
+the temporary directory returned by C<guestfs_get_tmpdir>.
 
 The environment variable C<XDG_RUNTIME_DIR> controls the default
 value: If C<XDG_RUNTIME_DIR> is set, then that is the default.
diff --git a/fish/guestfish.pod b/fish/guestfish.pod
index ccc0825b84a0..492aa7163fcb 100644
--- a/fish/guestfish.pod
+++ b/fish/guestfish.pod
@@ -1548,8 +1548,8 @@ See L</LIBGUESTFS_CACHEDIR>, L</LIBGUESTFS_TMPDIR>.
 This directory represents a user-specific directory for storing
 non-essential runtime files.
 
-If it is set, then is used to store temporary sockets.  Otherwise,
-F</tmp> is used.
+If it is set, then is used to store temporary sockets and PID files.
+Otherwise, F</tmp> is used.
 
 See also L</get-sockdir>,
 L<http://www.freedesktop.org/wiki/Specifications/basedir-spec/>.
diff --git a/lib/guestfs.pod b/lib/guestfs.pod
index 68688f31aa5f..e46dd81f9e0a 100644
--- a/lib/guestfs.pod
+++ b/lib/guestfs.pod
@@ -3220,8 +3220,8 @@ See L</LIBGUESTFS_CACHEDIR>, L</LIBGUESTFS_TMPDIR>.
 This directory represents a user-specific directory for storing
 non-essential runtime files.
 
-If it is set, then is used to store temporary sockets.  Otherwise,
-F</tmp> is used.
+If it is set, then is used to store temporary sockets and PID files.
+Otherwise, F</tmp> is used.
 
 See also L</guestfs_get_sockdir>,
 L<http://www.freedesktop.org/wiki/Specifications/basedir-spec/>.

More information about the Libguestfs mailing list