starting netconf development

Gabor Gombas gombasg at sztaki.hu
Wed May 9 10:41:57 UTC 2007


On Tue, May 08, 2007 at 09:49:41PM +0100, Simon Kelley wrote:

> If we want to make a persistent daemon, and turn ifup into something which 
> pokes the daemon, then we can use a unix-domain socket to talk to the 
> daemon, and pass file descriptors over the socket so that the daemon has 
> the correct file descriptors from a particular ifup process and passes 
> those to child processes. I have some C code which makes this work.

Don't do that. Instead the ifup<->daemon protocol should allow the
daemon sending back packets saying "this was written to stdout by a tool
I've invoked" and ifup can just display it. That way you can use strace
at any level and see what's going on, otherwise it can be hard to
debug "who the hell is spamming my stdout/stderr"?

Also if we later want to allow network configuration without full root
privileges then descriptor passing may become nasty as it allows
unwanted and hard to control interaction between different components
running in different security domains.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------



More information about the netconf-devel mailing list