On Thu, Dec 11, 2025 at 06:42:05PM +0000, Chaney, Ben wrote: > > > On 12/9/25, 1:55 PM, "Peter Xu" <[email protected] > <mailto:[email protected]>> wrote: > > > On Mon, Dec 08, 2025 at 07:32:41PM +0000, Chaney, Ben wrote: > > > > > > On 12/5/25, 10:13 AM, "Peter Xu" <[email protected] > > > <mailto:[email protected]> <mailto:[email protected] > > > <mailto:[email protected]>>> wrote: > > > > > > > > > > Maybe you can stick with -incoming defer, then it'll be after step [3], > > > > which will inherit the modified uid, and mgmt doesn't need to bother > > > > monitoring. > > > > > > I tried this approach, but It doesn't look like it is possible to create > > > the > > > cprsocket later with -incoming defer. > > > > > > You'll still need to chmod for the cpr socket. "defer" will still help the > > main channel to be created with the uid provided. > > Thanks for the pointers. I was able to get the incoming defer method > working, but it has much worse performance than the other method. > > Would you be open to a solution where we chown only the migration > sockets, or would that run into similar concerns?
We can evaluate, but before that, could you explain your current solution first? And, what is the performance you mentioned here that is worse? I at least didn't expect it to be downtime, because IIUC what your mgmt needs to do is to chmod on the cpr channel first (during which migration hasn't started), then chmod once more on the main channel after CPR channel migrated and before main channel migration happens (during which VM should be running on src), hence it should have nothing to do with downtime. Thanks, -- Peter Xu
