On Mon, 28 Apr 2008 10:40:23 -0300, Miguel Filho email@example.com wrote:
On Mon, Apr 28, 2008 at 9:46 AM, Jean-Paul Calderone firstname.lastname@example.org wrote:
Privileges aren't shed immediately when Application is created. They're shed after privilegedStartService and before startService. You should delay any potentially sensitive operations until startService (ie, don't do them in ACLPolicyDaemonFactory.__init__ which is when I assume you meant you were opening that file).
Indeed, I'm doing it from ACLPolicyDaemonFactory.__init__. Should I implement startService in my Factory class or somewhere else?
Only services which are children of the application get startService called on them. So to do it this way, you'll need a service in that situation. Factories get startFactory called on them when they're bound to their first port (and stopFactory when they're unbound from their last). If you're binding a privileged port, though, then this will happen while the process is still running as root, so it's not as reliable as using startService.
To make a service, you need to implement IService:
You may also want to give the service a reference to your factory, or vice versa, so that they can share state or call methods on each other or whatever else is necessary.