inetd-style socket passing traditionally starts a service with a connected socket on file descriptors 0 and 1. passt disallowing obtaining its socket from either of these descriptors made it difficult to use with super-servers providing this interface — in my case I wanted to use passt with s6-ipcserver[1]. Since (as far as I can tell) passt does not use standard input for anything else (unlike standard output), it should be safe to relax the restrictions on --fd to allow setting it to 0, enabling this use case. Link: https://skarnet.org/software/s6/s6-ipcserver.html [1] Signed-off-by: Alyssa Ross <hi(a)alyssa.is> --- conf.c | 3 ++- util.c | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/conf.c b/conf.c index f942851..a6d7e22 100644 --- a/conf.c +++ b/conf.c @@ -1717,7 +1717,8 @@ void conf(struct ctx *c, int argc, char **argv) fd_tap_opt = strtol(optarg, NULL, 0); if (errno || - fd_tap_opt <= STDERR_FILENO || fd_tap_opt > INT_MAX) + (fd_tap_opt != STDIN_FILENO && fd_tap_opt <= STDERR_FILENO) || + fd_tap_opt > INT_MAX) die("Invalid --fd: %s", optarg); c->fd_tap = fd_tap_opt; diff --git a/util.c b/util.c index 62a6003..f5497d4 100644 --- a/util.c +++ b/util.c @@ -875,7 +875,9 @@ void close_open_files(int argc, char **argv) errno = 0; fd = strtol(optarg, NULL, 0); - if (errno || fd <= STDERR_FILENO || fd > INT_MAX) + if (errno || + (fd != STDIN_FILENO && fd <= STDERR_FILENO) || + fd > INT_MAX) die("Invalid --fd: %s", optarg); } } while (name != -1); base-commit: 436afc30447c6f0ce516f2b38c769833114bb5f8 -- 2.47.2
On Sat, 26 Apr 2025 10:44:25 +0200 Alyssa Ross <hi(a)alyssa.is> wrote:inetd-style socket passing traditionally starts a service with a connected socket on file descriptors 0 and 1. passt disallowing obtaining its socket from either of these descriptors made it difficult to use with super-servers providing this interface — in my case I wanted to use passt with s6-ipcserver[1].Hah, interesting usage, first report I've seen with s6. Is that to dispatch passt processes for a network / set of guests or something?Since (as far as I can tell) passt does not use standard input for anything else (unlike standard output),Correct (...and unlike standard error, too).it should be safe to relax the restrictions on --fd to allow setting it to 0, enabling this use case. Link: https://skarnet.org/software/s6/s6-ipcserver.html [1] Signed-off-by: Alyssa Ross <hi(a)alyssa.is>Applied, thanks for the patch, and welcome to the git log! -- Stefano
On Mon, 28 Apr 2025 14:36:02 +0200 Stefano Brivio <sbrivio(a)redhat.com> wrote:On Sat, 26 Apr 2025 10:44:25 +0200 Alyssa Ross <hi(a)alyssa.is> wrote:Never mind, I just found: https://spectrum-os.org/git/spectrum/commit/?id=aac74f6165740a6b041a7205ec8… and related commits. I'm glad to see passt being useful there! By the way, if it helps: - you can actually use QEMU with e1000e and passt, it's somewhat slower than virtio-net (especially with vhost-user), about 1-2 Gbps in my experience, but perfectly usable. For a command line example, see: https://bugs.passt.top/show_bug.cgi?id=107#c0 - libkrun, which is somewhat similar to / shares some code with Cloud Hypervisor, also uses passt, like this: https://github.com/containers/libkrun/blob/main/src/devices/src/virtio/net/… ...that's without vhost-user support, so far. I had no idea you got Cloud Hypervisor and crosvm to use passt *with* vhost-user supprt, though. That looks like one step further :) - muvm, which uses libkrun to run arbitrary commands in micro VMs (it has conceptually a couple of things in common with Qubes and Spectrum I guess), uses passt's NDP responder and DHCP server to configure its guest network: https://github.com/AsahiLinux/muvm/blob/dc874d4e6c261624b7c6cc9aab151d4d33d… -- Stefanoinetd-style socket passing traditionally starts a service with a connected socket on file descriptors 0 and 1. passt disallowing obtaining its socket from either of these descriptors made it difficult to use with super-servers providing this interface — in my case I wanted to use passt with s6-ipcserver[1].Hah, interesting usage, first report I've seen with s6. Is that to dispatch passt processes for a network / set of guests or something?