use tempdir for graceful terminator socket when env not set #12
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #12 +/- ##
==========================================
- Coverage 90.12% 90.00% -0.13%
==========================================
Files 4 4
Lines 81 80 -1
==========================================
- Hits 73 72 -1
Misses 8 8 ☔ View full report in Codecov by Sentry. |
| @@ -14,8 +14,7 @@ _deputy_ipc_dir() = get(tempdir, ENV, "DEPUTY_IPC_DIR") | |||
| # Prefer using UNIX domain sockets but if the `DEPUTY_IPC_DIR` is set assume the file | |||
| # system is read-only and use a named pipe instead. | |||
| function _graceful_terminator_socket_path(pid::Int32) | |||
| name = "graceful-terminator.$pid" | |||
| return haskey(ENV, "DEPUTY_IPC_DIR") ? joinpath(_deputy_ipc_dir(), name) : name | |||
| return joinpath(_deputy_ipc_dir(), "graceful-terminator.$pid") | |||
There was a problem hiding this comment.
This now makes us always use named pipes. Not specifying a path should use a UNIX domain socket which don't necessary require. I'll want to run a couple of checks first.
There was a problem hiding this comment.
what's the issue with a named pipe vs. domain socket?
There was a problem hiding this comment.
https://stackoverflow.com/questions/35424970/unix-socket-permissions-linux
In the Linux implementation, sockets which are visible in the filesystem honor the per‐ missions of the directory they are in. Their owner, group and their permissions can be changed. Creation of a new socket will fail if the process does not have write and search (execute) permission on the directory the socket is created in.
There was a problem hiding this comment.
I thought if you specified just a name in listen that a UNIX-domain socket would be created in /run automatically. It turns out that switch between UNIX-domain sockets and named pipes is a libuv thing: https://docs.libuv.org/en/v1.x/guide/processes.html#new-stdio-pipes.
I think this change is good to be consistent on where we write these files. It also seems that we should be using /run more for both PID files and UNIX-domain sockets so I opened #13 to handle these changes.
|
Replaced by #13 |
This makes the socket path more robust to images where the workdir is set to
something that's read-only.