From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@altlinux.org>
Date: Fri, 18 Sep 2020 13:42:40 +0300
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: Arseny Maslennikov <ar@cs.msu.ru>
Message-ID: <20200918104240.GA29951@altlinux.org>
References: <cover.1576183643.git.legion@altlinux.org>
 <9bca7626b593f896de4283cba2d6290ec99eb4f2.1576183643.git.legion@altlinux.org>
 <20200917131156.GH286846@cello>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200917131156.GH286846@cello>
Cc: devel@lists.altlinux.org, Alex Gladkov <legion@altlinux.ru>
Subject: Re: [devel] [PATCH hasher-priv v1 1/3] config.c
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2020 10:42:40 -0000
Archived-At: <http://lore.altlinux.org/devel/20200918104240.GA29951@altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>

On Thu, Sep 17, 2020 at 04:11:56PM +0300, Arseny Maslennikov wrote:
> On Fri, Dec 13, 2019 at 12:42:03PM +0100, Alex Gladkov wrote:
[...]
> > +static void
> > +check_server_control_group(void)
> 
> Bad (IOW, unlucky) naming; especially since in a later patch
> hasher-privd deals with cgroups.

It's the group that limits access to the server,
so it's the access group.

> Is this related to the socket inode's gid in /run?

Yes, but the inode of the listening socket doesn't necessarily have to
belong to this group if the access limit is implemented using directory
permissions.


-- 
ldv