[Libguestfs] [PATCH nbdkit 06/10] server: Make --run imply -U -

Almost always when you used nbdkit --run you should also use -U - (to use a private Unix domain socket). Otherwise nbdkit listened on TCP port 10809, which had two bad side effects: It permitted other processes to interfere with your --run command, and it reserved a public TCP port which would stop two instances of nbdkit running at the same time. This was a frequent cause of bugs in test cases. Switch the default so now --run implies -U - You can still get the old behaviour by using --port explicitly, but that is almost certainly a bad idea. (Using --run and --vsock works the same way as before too. It is also usually a bad idea, although we use it in one test.) --- docs/nbdkit-captive.pod | 7 ------- docs/nbdkit.pod | 9 ++++++++- server/main.c | 9 +++++++++ 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/docs/nbdkit-captive.pod b/docs/nbdkit-captive.pod index 34a1d0922..248f9df28 100644 --- a/docs/nbdkit-captive.pod +++ b/docs/nbdkit-captive.pod @@ -98,13 +98,6 @@ I<--run> implies I<--foreground>. It is not possible, and probably not desirable, to have nbdkit fork into the background when using I<--run>. -Even when running captive, nbdkit still listens on the regular TCP/IP -port, unless you specify the I<-p>/I<-U> options. If you want a truly -private captive nbdkit, then you should create a private random -Unix socket, like this: - - nbdkit -U - plugin [args] --run '...' - =head2 Copying data in and out of plugins with captive nbdkit Captive nbdkit + L<qemu-img(1)> can be used to copy data into and out diff --git a/docs/nbdkit.pod b/docs/nbdkit.pod index 634c97e3a..f62796886 100644 --- a/docs/nbdkit.pod +++ b/docs/nbdkit.pod @@ -382,6 +382,12 @@ like Debian this might not be a full-featured shell. This option implies I<--foreground>. +In nbdkit E<le> 1.34 you normally had to add I<-U ->, otherwise nbdkit +would use a TCP/IP port which was normally not what you wanted. In +nbdkit E<ge> 1.36, using I<--run> implies I<-U ->. If you want the +old behaviour of nbdkit then you must add the I<--port> option +explicitly. + =item B<--selinux-label=>SOCKET-LABEL Apply the SELinux label C<SOCKET-LABEL> to the nbdkit listening @@ -481,7 +487,8 @@ should delete the socket file after use (else if you try to start nbdkit up again you will get an C<Address already in use> error). If the socket name is I<-> then nbdkit generates a randomly named -private socket. This is useful with L<nbdkit-captive(1)/CAPTIVE NBDKIT>. +private socket. This is implied by the I<--run> option. See also +L<nbdkit-captive(1)/CAPTIVE NBDKIT>. =item B<-u> USER diff --git a/server/main.c b/server/main.c index 0c9019d94..978a720cf 100644 --- a/server/main.c +++ b/server/main.c @@ -621,6 +621,15 @@ main (int argc, char *argv[]) exit (EXIT_FAILURE); } + /* Since nbdkit 1.36, --run implies -U -, unless --vsock or --port + * was set explicitly. + */ + if (run && !unixsocket && !port && !vsock) { + unixsocket = make_random_fifo (); + if (!unixsocket) + exit (EXIT_FAILURE); + } + /* By the point we have enough information to calculate the service mode. */ if (socket_activation) service_mode = SERVICE_MODE_SOCKET_ACTIVATION; -- 2.41.0