[pdm-devel] [PATCH 1/2] privileged api server: properly handle socket on reload
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Dec 30 16:00:11 CET 2024
On 23/12/2024 17:16, Thomas Lamprecht wrote:
> On 23/12/2024 14:08, Fabian Grünbichler wrote:
>> the permission/ownership change fails during reload because the socket doesn't
>> exist on-disk anymore, it is only passed along as previously opened FD in that
>> case..
>>
>
> something seems still off here, after a reload of the privileged daemon
> the unprivileged one cannot connect to it anymore. Restarts work fine.
>
Should be fixed now. We really must not delete the socket file
unconditionally on daemon start, as it's used from the unprivileged, main
API daemon to proxy to on-demand. So, while on a fresh start it did not
matter as the socket including the file was newly created anyway, on a
reload the file is not newly created again, as there we just re-create the
UnixListener from the inherited FD, thus breaking the proxying completely.

I lost some time as I initially suspected the FD passing to be broken, which
would not matter for the TCP socket based PBS and thus explain why it "works"
there, but the socket FD passing actually works and is done quite elegantly,
so I finally saw the obvious: no socket file == not being able to connect.

To fix this I moved the removal into the bind fn from the impl of the
Listenable trait for the tokio::net::UnixListener type used here, that way
it's only done on fresh socket creation. As an alternative we could keep the
proxy FD open and transparently reconnect to the new FD (e.g., comparing
inode with our cached one, or just opportunistically if the old one stops
accepting connections).
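
The difference between unlinking the socket file on every start and only on a fresh bind, as an added example that is not part of the original message or of the project's code. It uses std's UnixListener instead of tokio's, duplicates the listening FD in-process as a stand-in for FD passing across a reload, and its function names and temp-dir socket paths are made up for the demonstration.

```rust
// Added illustration, not the project's code; all names here are hypothetical.
use std::fs;
use std::io;
use std::os::fd::OwnedFd;
use std::os::unix::net::{UnixListener, UnixStream};
use std::path::Path;

/// Fresh start: nothing is listening yet, so a leftover socket file is stale
/// and has to be removed before bind() can create a new one.
fn bind_fresh(path: &Path) -> io::Result<UnixListener> {
    match fs::remove_file(path) {
        Ok(()) => {}
        Err(e) if e.kind() == io::ErrorKind::NotFound => {}
        Err(e) => return Err(e),
    }
    UnixListener::bind(path)
}

/// Reload: the listener is rebuilt from the inherited FD. The file on disk is
/// the only name clients have for that socket, so it is left untouched.
fn restore_inherited(fd: OwnedFd) -> UnixListener {
    UnixListener::from(fd)
}

/// Simulates a start followed by a reload and reports whether a client can
/// still connect by path afterwards.
fn reachable_after_reload(path: &Path, unlink_on_every_start: bool) -> io::Result<bool> {
    let first = bind_fresh(path)?;
    // Stand-in for FD passing across the re-exec: duplicate the listening FD.
    let inherited: OwnedFd = first.try_clone()?.into();
    drop(first);
    if unlink_on_every_start {
        fs::remove_file(path)?; // the unconditional removal described above
    }
    let _listener = restore_inherited(inherited);
    let ok = UnixStream::connect(path).is_ok();
    let _ = fs::remove_file(path); // clean up the constructed demo path
    Ok(ok)
}

fn main() -> io::Result<()> {
    // Constructed sample path in the temp dir.
    let p = std::env::temp_dir().join(format!("reload-demo-{}.sock", std::process::id()));
    println!("unlink on every start: reachable = {}", reachable_after_reload(&p, true)?);
    println!("unlink only in bind:   reachable = {}", reachable_after_reload(&p, false)?);
    Ok(())
}
```

In the first case the listening socket is still alive and accepting, but connect() by path fails because the name is gone, which matches the "no socket file == not being able to connect" observation.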