1 files changed, 75 insertions, 0 deletions

diff --git a/0025-docs-clarify-sockdir-s-separation.patch b/0025-docs-clarify-sockdir-s-separation.patch
new file mode 100644
index 0000000..9fd3553
--- /dev/null
+++ b/0025-docs-clarify-sockdir-s-separation.patch
@@ -0,0 +1,75 @@
+From cde50cb9d71ffa418f45868aa0d4b874847b989a Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 14 Jul 2023 15:22:10 +0200
+Subject: [PATCH] docs: clarify sockdir's separation
+
+There's another reason for separating sockdir from tmpdir, beyond "shorter
+pathnames needed": permissions. For example, passt drops privileges such
+that it cannot access "/tmp", and that restricts both the unix domain
+socket and the PID file of passt.
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2184967
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
+Message-Id: <20230714132213.96616-5-lersek@redhat.com>
+(cherry picked from commit 21ccddecf7dd51b24bb2b71dbc8beb1a8dd01923)
+---
+ fish/guestfish.pod              | 4 ++--
+ generator/actions_properties.ml | 8 ++++++--
+ lib/guestfs.pod                 | 4 ++--
+ 3 files changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/fish/guestfish.pod b/fish/guestfish.pod
+index d36cac9d..33fc8b2c 100644
+--- a/fish/guestfish.pod
++++ b/fish/guestfish.pod
+@@ -1492,8 +1492,8 @@ See L</LIBGUESTFS_CACHEDIR>, L</LIBGUESTFS_TMPDIR>.
+ This directory represents a user-specific directory for storing
+ non-essential runtime files.
+ 
+-If it is set, then is used to store temporary sockets.  Otherwise,
+-F</tmp> is used.
++If it is set, then is used to store temporary sockets and PID files.
++Otherwise, F</tmp> is used.
+ 
+ See also L</get-sockdir>,
+ L<http://www.freedesktop.org/wiki/Specifications/basedir-spec/>.
+diff --git a/generator/actions_properties.ml b/generator/actions_properties.ml
+index f84afb10..42eaaa4d 100644
+--- a/generator/actions_properties.ml
++++ b/generator/actions_properties.ml
+@@ -595,13 +595,17 @@ Get the handle identifier.  See C<guestfs_set_identifier>." };
+     name = "get_sockdir"; added = (1, 33, 8);
+     style = RString (RPlainString, "sockdir"), [], [];
+     blocking = false;
+-    shortdesc = "get the temporary directory for sockets";
++    shortdesc = "get the temporary directory for sockets and PID files";
+     longdesc = "\
+-Get the directory used by the handle to store temporary socket files.
++Get the directory used by the handle to store temporary socket and PID
++files.
+ 
+ This is different from C<guestfs_get_tmpdir>, as we need shorter
+ paths for sockets (due to the limited buffers of filenames for UNIX
+ sockets), and C<guestfs_get_tmpdir> may be too long for them.
++Furthermore, sockets and PID files must be accessible to such background
++services started by libguestfs that may not have permission to access
++the temporary directory returned by C<guestfs_get_tmpdir>.
+ 
+ The environment variable C<XDG_RUNTIME_DIR> controls the default
+ value: If C<XDG_RUNTIME_DIR> is set, then that is the default.
+diff --git a/lib/guestfs.pod b/lib/guestfs.pod
+index 5db6dd91..dff32cc9 100644
+--- a/lib/guestfs.pod
++++ b/lib/guestfs.pod
+@@ -3120,8 +3120,8 @@ See L</LIBGUESTFS_CACHEDIR>, L</LIBGUESTFS_TMPDIR>.
+ This directory represents a user-specific directory for storing
+ non-essential runtime files.
+ 
+-If it is set, then is used to store temporary sockets.  Otherwise,
+-F</tmp> is used.
++If it is set, then is used to store temporary sockets and PID files.
++Otherwise, F</tmp> is used.
+ 
+ See also L</guestfs_get_sockdir>,
+ L<http://www.freedesktop.org/wiki/Specifications/basedir-spec/>.