Date: Thu, 25 Aug 2005 10:09:40 -0700 From: Brooks Davis <brooks@one-eyed-alien.net> To: Robert Watson <rwatson@FreeBSD.org> Cc: John-Mark Gurney <gurney_j@resnet.uoregon.edu>, src-committers@FreeBSD.org, Pawel Jakub Dawidek <pjd@FreeBSD.org>, Brooks Davis <brooks@one-eyed-alien.net>, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libutil Makefile libutil.h pidfile.3 pidfile.c Message-ID: <20050825170940.GC29549@odin.ac.hmc.edu> In-Reply-To: <20050825180050.F16967@fledge.watson.org> References: <200508241721.j7OHLcNP061118@repoman.freebsd.org> <20050825060448.Q11335@fledge.watson.org> <20050825154354.GE30465@funkthat.com> <20050825171046.X72462@fledge.watson.org> <20050825165501.GB29549@odin.ac.hmc.edu> <20050825180050.F16967@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--f+W+jCU1fRNres8c Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 25, 2005 at 06:02:40PM +0100, Robert Watson wrote: >=20 > On Thu, 25 Aug 2005, Brooks Davis wrote: >=20 > >This is probably a good idea for system daemons, but I'm not sure=20 > >there's much point in encouraging it for ports. >=20 > I think we'll find that more and more third party applications do know ho= w=20 > to do this as a result of tight integration of selinux into upcoming Linu= x=20 > releases. By placing pid files in separate directories, you avoid needin= g=20 > to grant fairly broad rights on the directory itself. While you can=20 > pre-create pidfiles, other things like sockets generally can't be=20 > precreated in trivial ways without granting large amounts of privilege to= =20 > the daemon when it starts running. That makes sense. If we're going to do this, we may want to look at a way for ports to register their need for such directories so they can be created by a process with appropriate privlege. Perhaps, a /usr/local/etc/mtree/var.d/ or something. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --f+W+jCU1fRNres8c Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDDftUXY6L6fI4GtQRAgFHAJ9kUUYSKyxsdtQbqDaeAFjO2TCgkwCeOWRC PyUTLX+wG9yX08PXwhRsRqM= =ajlt -----END PGP SIGNATURE----- --f+W+jCU1fRNres8c--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050825170940.GC29549>