On Mon, Aug 15, 2011 at 07:36:26PM +0200, Iustin Pop wrote: > On Mon, Aug 15, 2011 at 06:00:50PM +0100, Roger Leigh wrote: > > On Mon, Aug 15, 2011 at 05:35:54PM +0100, Colin Watson wrote: > > > On Mon, Aug 15, 2011 at 04:11:49PM +0100, Roger Leigh wrote: > > > > Are these any other downsides we need to consider? One issue is the > > > > existence of badly broken programs³, which make stupid assumptions > > > > about lockfiles. > > > > > > What about programs that need to write lock files which are already > > > setgid something else? I don't have an example off the top of my head, > > > but it would surprise me if there were none of these. > > > > IIRC Fedora have a setgid lock locking helper for this, which lockdev > > uses internally. I'd need to check the details on a Fedora VM. IIRC > > it checks if you have write perms on the device being locked, and so > > individual programs don't need to be setgid lock unless they are not > > using liblockdev. > > The use of an external helper means this is significantly slower than an > open(…, O_CREAT) + flock(). While this works for some workloads, it > doesn't for all. This helper is basically restricted to device locking, in particular serial devices (minicom, uucp, wvdial etc.). I can't off the top of my head think of a scenario where this would cause problems. It's also basically a temporary solution until these programs can be patched to use lockdev, and/or for lockdev to support proper device locking with fcntl. > As my other question was: /var/lock (or /run/lock) was a good solution > for transient, "cheap" locks for coordination between some cooperative > programs. It would be ideal if we have a recipe for this after the > permissions change. This should hopefully have been addressed in my other reply WRT tmpfiles.d, which permits this providing you have a directory writable by the user/group in question. Access for normal users is however no longer possible--they would need to use somewhere they have write access, e.g. /tmp. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
Description: Digital signature