Re: readiness notification from non-subprocess

From: Laurent Bercot <ska-skaware_at_skarnet.org>
Date: Mon, 28 Sep 2015 23:09:12 +0200

On 28/09/2015 22:49, Buck Evan wrote:
> If I'm reading the code correctly, readiness notification currently works
> via an unnamed pipe between s6-supervise and its supervised subprocess. I'd
> like to tell s6-supervise that my service has become 'ready' from a parent
> process, which of course doesn't have access to that named pipe.
>
> I realize this is highly unusual and possibly a problematic design on my
> part, but I think this would be a reasonable feature; could we promote that
> anonymous pipe to a named pipe under supervise/, please?
> supervise/notification seems like an obvious choice.

  I'd rather not, if it can be avoided, for safety reasons. The less
s6-supervise interacts with user-controlled filesystems, the better -
this is the reason why it took me so much time to implement
timeout-finish support: I wanted to do it in a way that could not
fail. Named pipes are fickle creatures, and I don't trust users to
handle them correctly (dumb example: busybox grep does not play nice
with them, I'm not sure about GNU grep) whereas a pre-opened fd is
relatively safe - only the daemon and its children have access to it,
and there aren't many possible misuses.

  IOW: the restriction is intentional.

  Could you please describe a little more what your setup is? I'm
sure we can find solutions to your problem that don't involve relaxing
the restriction.

-- 
  Laurent
Received on Mon Sep 28 2015 - 21:09:12 UTC
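The safety argument in the reply (an inherited, pre-opened fd is reachable only by the daemon and its descendants, and a closed write end is itself a signal) is easy to see in a few lines of C. The following is an added illustration written for this archive page, not s6 code: a minimal supervisor-side wait on an unnamed pipe, with the child writing a newline once it is ready (the convention s6 documents for its notification fd). The names `wait_for_readiness` and `supervise_demo`, the three result codes and the 2 s / 200 ms deadlines are assumptions chosen for the demo. Note that a process which is not a descendant of the parent, the situation in the original question, has no way to obtain the write end at all, which is exactly the restriction being defended.

```c
/* Added example, not part of s6: readiness over an inherited unnamed pipe.
 * Result codes, function names and timeouts are hypothetical choices. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define READY_OK       1   /* child wrote a readiness newline */
#define READY_TIMEOUT  0   /* deadline passed with no newline */
#define READY_LOST    -1   /* every writer closed the pipe without a newline */

/* Block on the read end of the pipe until a newline arrives, the last
 * writer goes away (EOF), or timeout_ms elapses without any data. */
int wait_for_readiness(int rfd, int timeout_ms)
{
    struct pollfd pfd = { .fd = rfd, .events = POLLIN, .revents = 0 };
    for (;;) {
        int r = poll(&pfd, 1, timeout_ms);
        if (r < 0) {
            if (errno == EINTR) continue;
            return READY_LOST;
        }
        if (r == 0) return READY_TIMEOUT;
        char buf[64];
        ssize_t n = read(rfd, buf, sizeof buf);
        if (n <= 0) return READY_LOST;              /* EOF: child died or closed fd */
        if (memchr(buf, '\n', (size_t)n)) return READY_OK;
        /* bytes without a newline yet: keep waiting */
    }
}

/* Fork a hypothetical daemon that inherits only the write end.
 * behaviour: 1 = notify readiness, 0 = exit silently, 2 = hang (never notify). */
int supervise_demo(int behaviour)
{
    int p[2];
    if (pipe(p) < 0) return READY_LOST;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return READY_LOST; }
    if (pid == 0) {
        close(p[0]);                                /* child keeps only the write end */
        if (behaviour == 1) (void)write(p[1], "\n", 1);
        else if (behaviour == 2) sleep(1);          /* still "starting" past the deadline */
        close(p[1]);
        _exit(0);
    }
    close(p[1]);   /* parent must drop its copy, otherwise EOF can never be seen */
    int res = wait_for_readiness(p[0], behaviour == 2 ? 200 : 2000);
    close(p[0]);
    waitpid(pid, NULL, 0);
    return res;
}

int main(void)
{
    printf("notify:  %d (expect %d)\n", supervise_demo(1), READY_OK);
    printf("silent:  %d (expect %d)\n", supervise_demo(0), READY_LOST);
    printf("hang:    %d (expect %d)\n", supervise_demo(2), READY_TIMEOUT);
    return 0;
}
```

The parent closing its own write end before waiting is the detail that makes the pipe self-cleaning: if the child crashes before notifying, the kernel closes the last writer and the supervisor sees EOF instead of hanging, with no filesystem object left behind to go stale or be opened by the wrong party.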