xpra icon
Bug tracker and wiki

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#88 closed enhancement (fixed)

option to allow different users to share an mmap file and connect via unix domain sockets

Reported by: Antoine Martin Owned by: Antoine Martin
Priority: minor Milestone: 0.1
Component: core Version: 0.1.0
Keywords: Cc:

Description

This requires two things:

  • that the user can override the default location for sockets, so they can use /tmp instead of ~/.xpra
  • an option to be able to change the file mask so other users can access the mmap file

Attachments (3)

share-mmap.patch (9.6 KB) - added by Antoine Martin 7 years ago.
original patch from violetse
share-mmap-v2.patch (12.6 KB) - added by Antoine Martin 7 years ago.
updated patch with small changes
mmap-patch-3.patch (15.8 KB) - added by violetse 7 years ago.

Download all attachments as: .zip

Change History (7)

Changed 7 years ago by Antoine Martin

Attachment: share-mmap.patch added

original patch from violetse

comment:1 Changed 7 years ago by Antoine Martin

Outstanding issues and notes:

  • os.chown(self.mmap_file, -1, s.st_uid) - shouldn't that be os.chown(self.mmap_file, -1, s.st_gid)? As we want the gid to match?
  • agreed to rename logdir to confdir
  • moved the "sockfile" setup code to the connection classes' "target" attribute
  • create_unix_domain_socket is racy: we chmod by name after calling bind, this should use umask or a temporary directory. Also, this is a change from previous versions which may affect security, I can't see a problem since ".xpra" is 0700 and the socket will go there by default, but maybe I am missing something?
  • the man page needs updating
  • the code does not work with "--no-deamon"

Updated patch to follow.

Last edited 7 years ago by Antoine Martin (previous) (diff)

Changed 7 years ago by Antoine Martin

Attachment: share-mmap-v2.patch added

updated patch with small changes

Changed 7 years ago by violetse

Attachment: mmap-patch-3.patch added

comment:2 Changed 7 years ago by violetse

In patch 3 I have:

Added umask so there is no race condition in create_unix_domain_socket

Updated the man page

comment:3 Changed 7 years ago by Antoine Martin

Resolution: fixed
Status: newclosed

merged with only cosmetic changes in r594

You must have spotted that fchmod was unnecessary in the non-mmap_group codepath: tempfile.NamedTemporaryFile does it for us (although this isn't documented explicitly in the Python docs..)

Closing, please test and re-open if needed. Thanks!

comment:4 Changed 7 years ago by Antoine Martin

FYI: this broke ssh connections, see #120 for details..

Note: See TracTickets for help on using tickets.