Proxy: Socket file 'other' permission changes to support ACRN Hypervisor

Question

Proxy: Socket file 'other' permission changes to support ACRN Hypervisor

Closed this issue 4 years ago · 0 comments

When binding the socket with the file path, the socket file permission is changed to 755. The reason being the following,
Bind system call sets the socket file permission(mode) based on, socket FD permission and umask bits set. Socket FD by default is set to 777 and umask by default is set to 022. This results in 755. ACRN doesn't plan to have an API to update the umask so added the workaround in kata proxy, where if the ‘other’ permission is not disabled, then kata proxy can override and disable it.

Linux Kernel Code showing the socket file permission being set based on FD permission and umask bits.
if (sun_path[0]) {
umode_t mode = S_IFSOCK |
(SOCK_INODE(sock)->i_mode & ~current_umask());
err = unix_mknod(sun_path, mode, &path);
if (err) {
if (err == -EEXIST)
err = -EADDRINUSE;
goto out;
}
}