apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: APR-izing httpd's unixd_set_proc_mutex_perms
Date Mon, 02 Feb 2009 17:13:57 GMT
Mladen Turk wrote:
> William A. Rowe, Jr. wrote:
>> Mladen Turk wrote:
>>> Long time since initial proposal, but here it is.
>>> Since there was no objections I'll commit this into trunk.
>> Does this API imply that the developer has to manage the resources
>> to be converted by uid/gid?
>> If so, I suspect you are ignoring others who the primary author is
>> unaware of.
>> The right API, IMHO, is to register a list of resources to be
>> converted *to whatever target uid/gid* will be used after fork.
>> Why should the author track these?
> Make sense, but IMO as an additional API.
> We shouldn't make limit to set the object owners
> during fork only. A simple client server where
> server is running as root and client accessing its
> shared memory won't need to fork in all cases.
> I presume you were thinking of list of callbacks
> that could be registered to apr_procattr_t and
> called after the fork is done, with its uid/gid.

Something like that, yea.  And you raise a good point w.r.t. some
deliberately shared resources.

I'd actually want to allow such an API to target either uid, gid
or both for apps who want to manage access by only one or the other,
leaving access by uid or gid alone after fork.

View raw message