[devel] [PATCH hasher-priv v1 1/3] Makefile

[Dmitry V. Levin]

On Thu, Sep 17, 2020 at 04:12:36PM +0300, Arseny Maslennikov wrote:
> On Fri, Dec 13, 2019 at 12:42:03PM +0100, Alex Gladkov wrote:
[...]
> > @@ -21,6 +21,7 @@ man5dir = $(mandir)/man5
> >  man8dir = $(mandir)/man8
> >  configdir = $(sysconfdir)/$(PROJECT)
> >  helperdir = $(libexecdir)/$(PROJECT)
> > +socketdir = /var/run
> 
> Why /var/run and not /run, especially in a new project?

It's the same thing nowadays, isn't it?

> Even further, I would suggest that we store the socket in
> /run/hasher-priv or something, setgid hashman, with 0710 rights. The
> major service managers can create the directory on startup for us:
> there's mkdir(1), there's RuntimeDirectory= and RuntimeDirectoryMode=.

I distinctly remember we discussed this the last autumn or winter.
Yes, unix domain socket access restrictions should be implemented
using directory permissions.


-- 
ldv