cvs commit: src/lib/libutil Makefile libutil.h pidfile.3 pidfile.c

Brooks Davis brooks at
Thu Aug 25 17:09:41 GMT 2005

On Thu, Aug 25, 2005 at 06:02:40PM +0100, Robert Watson wrote:
> On Thu, 25 Aug 2005, Brooks Davis wrote:
> >This is probably a good idea for system daemons, but I'm not sure 
> >there's much point in encouraging it for ports.
> I think we'll find that more and more third party applications do know how 
> to do this as a result of tight integration of selinux into upcoming Linux 
> releases.  By placing pid files in separate directories, you avoid needing 
> to grant fairly broad rights on the directory itself.  While you can 
> pre-create pidfiles, other things like sockets generally can't be 
> precreated in trivial ways without granting large amounts of privilege to 
> the daemon when it starts running.

That makes sense.  If we're going to do this, we may want to look at a
way for ports to register their need for such directories so they can be
created by a process with appropriate privlege.  Perhaps, a
/usr/local/etc/mtree/var.d/ or something.

-- Brooks

Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the cvs-src mailing list