Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set 722 file permissions on UDS socket #93

Merged
merged 1 commit into from
Aug 2, 2022
Merged

Set 722 file permissions on UDS socket #93

merged 1 commit into from
Aug 2, 2022

Conversation

Kyle-Verhoog
Copy link
Member

@Kyle-Verhoog Kyle-Verhoog commented Aug 2, 2022
edited
Loading

The permissions of the socket created by aiohttp aren't as permissive as
the ones set by the real agent. (see
aio-libs/aiohttp#4155)

from @devinsba:

test agent:

cnb@my-app:/var/run/datadog$ ls -la
total 4
drwxr-xr-x 2 root root   60 Aug  1 21:24 .
drwxr-xr-x 1 root root 4096 Aug  1 21:24 ..
srwxr-xr-x 1 root root    0 Aug  1 21:24 apm.socket

real agent:

cnb@my-app:/var/run/datadog$ ls -la
total 4
drwxr-xr-x 2 root root   80 Aug  1 21:30 .
drwxr-xr-x 1 root root 4096 Aug  1 21:31 ..
srwx-w--w- 1 root root    0 Aug  1 21:30 apm.socket

aiohttp doesn't seem to have a configurable way
to set these permissions but it does let us create and
manage a socket ourselves, so let's try that.

@Kyle-Verhoog Kyle-Verhoog added this to the 1.5.1 milestone Aug 2, 2022
@Kyle-Verhoog Kyle-Verhoog requested a review from devinsba August 2, 2022 20:58
@Kyle-Verhoog Kyle-Verhoog force-pushed the fix-uds branch 2 times, most recently from 0528fba to 895d265 Compare August 2, 2022 21:01
devinsba
devinsba approved these changes Aug 2, 2022
View reviewed changes
ddapm_test_agent/agent.py
apm_sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
apm_sock.bind(parsed_args.trace_uds_socket)
os.chmod(parsed_args.trace_uds_socket, 0o777)
atexit.register(lambda: os.unlink(parsed_args.trace_uds_socket))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is cool, this is the part I was missing this morning

@Kyle-Verhoog Kyle-Verhoog changed the title Set 777 file permissions on UDS socket Set 722 file permissions on UDS socket Aug 2, 2022
@Kyle-Verhoog
Set 722 file permissions on UDS socket
42789e5 
The permissions of the socket created by aiohttp aren't as permissive as
the ones set by the real agent. (see
aio-libs/aiohttp#4155)

from @devinsba:

test agent:

```
cnb@my-app:/var/run/datadog$ ls -la
total 4
drwxr-xr-x 2 root root   60 Aug  1 21:24 .
drwxr-xr-x 1 root root 4096 Aug  1 21:24 ..
srwxr-xr-x 1 root root    0 Aug  1 21:24 apm.socket
```

real agent:

```
cnb@my-app:/var/run/datadog$ ls -la
total 4
drwxr-xr-x 2 root root   80 Aug  1 21:30 .
drwxr-xr-x 1 root root 4096 Aug  1 21:31 ..
srwx-w--w- 1 root root    0 Aug  1 21:30 apm.socket
```

aiohttp doesn't seem to have a configurable way
to set these permissions but it does let us create and
manage a socket ourselves, so let's try that.
@Kyle-Verhoog Kyle-Verhoog merged commit b75aac7 into DataDog:master Aug 2, 2022
@Kyle-Verhoog Kyle-Verhoog deleted the fix-uds branch August 2, 2022 21:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devinsba devinsba devinsba approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.5.1
Development

Successfully merging this pull request may close these issues.
2 participants
@Kyle-Verhoog @devinsba