Re: Introduction of a "lock" group

To: debian-devel@lists.debian.org
Subject: Re: Introduction of a "lock" group
From: Roger Leigh <rleigh@codelibre.net>
Date: Tue, 16 Aug 2011 16:30:54 +0100
Message-id: <[🔎] 20110816153054.GC28976@codelibre.net>
In-reply-to: <[🔎] 20110815173626.GC5248@teal.hq.k1024.org>
References: <[🔎] 20110815151149.GR28976@codelibre.net> <[🔎] 20110815163554.GA3610@riva.dynamic.greenend.org.uk> <[🔎] 20110815170049.GV28976@codelibre.net> <[🔎] 20110815173626.GC5248@teal.hq.k1024.org>

On Mon, Aug 15, 2011 at 07:36:26PM +0200, Iustin Pop wrote:
> On Mon, Aug 15, 2011 at 06:00:50PM +0100, Roger Leigh wrote:
> > On Mon, Aug 15, 2011 at 05:35:54PM +0100, Colin Watson wrote:
> > > On Mon, Aug 15, 2011 at 04:11:49PM +0100, Roger Leigh wrote:
> > > > Are these any other downsides we need to consider?  One issue is the
> > > > existence of badly broken programs³, which make stupid assumptions
> > > > about lockfiles.
> > > 
> > > What about programs that need to write lock files which are already
> > > setgid something else?  I don't have an example off the top of my head,
> > > but it would surprise me if there were none of these.
> > 
> > IIRC Fedora have a setgid lock locking helper for this, which lockdev
> > uses internally.  I'd need to check the details on a Fedora VM.  IIRC
> > it checks if you have write perms on the device being locked, and so
> > individual programs don't need to be setgid lock unless they are not
> > using liblockdev.
> 
> The use of an external helper means this is significantly slower than an
> open(…, O_CREAT) + flock(). While this works for some workloads, it
> doesn't for all.

This helper is basically restricted to device locking, in particular
serial devices (minicom, uucp, wvdial etc.).  I can't off the top of
my head think of a scenario where this would cause problems.  It's
also basically a temporary solution until these programs can be
patched to use lockdev, and/or for lockdev to support proper device
locking with fcntl.

> As my other question was: /var/lock (or /run/lock) was a good solution
> for transient, "cheap" locks for coordination between some cooperative
> programs. It would be ideal if we have a recipe for this after the
> permissions change.

This should hopefully have been addressed in my other reply WRT
tmpfiles.d, which permits this providing you have a directory
writable by the user/group in question.  Access for normal users
is however no longer possible--they would need to use somewhere
they have write access, e.g. /tmp.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Introduction of a "lock" group
  - From: Roger Leigh <rleigh@codelibre.net>
- Re: Introduction of a "lock" group
  - From: Colin Watson <cjwatson@debian.org>
- Re: Introduction of a "lock" group
  - From: Roger Leigh <rleigh@codelibre.net>
- Re: Introduction of a "lock" group
  - From: Iustin Pop <iustin@debian.org>

Prev by Date: Re: Introduction of a "lock" group
Next by Date: Re: Introduction of a "lock" group
Previous by thread: Re: Introduction of a "lock" group
Next by thread: Bug#637892: ITP: python-formalchemy -- auto-generation and customizable form
Index(es):
- Date
- Thread