cvs commit: src/lib/libutil Makefile libutil.h pidfile.3
pidfile.c
Brooks Davis
brooks at one-eyed-alien.net
Thu Aug 25 17:09:41 GMT 2005
On Thu, Aug 25, 2005 at 06:02:40PM +0100, Robert Watson wrote:
>
> On Thu, 25 Aug 2005, Brooks Davis wrote:
>
> >This is probably a good idea for system daemons, but I'm not sure
> >there's much point in encouraging it for ports.
>
> I think we'll find that more and more third party applications do know how
> to do this as a result of tight integration of selinux into upcoming Linux
> releases. By placing pid files in separate directories, you avoid needing
> to grant fairly broad rights on the directory itself. While you can
> pre-create pidfiles, other things like sockets generally can't be
> precreated in trivial ways without granting large amounts of privilege to
> the daemon when it starts running.
That makes sense. If we're going to do this, we may want to look at a
way for ports to register their need for such directories so they can be
created by a process with appropriate privlege. Perhaps, a
/usr/local/etc/mtree/var.d/ or something.
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20050825/de325439/attachment.bin
More information about the cvs-src
mailing list