-
Notifications
You must be signed in to change notification settings - Fork 6.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Windows: Threads created by RocksDB are not impersonated #2036
Comments
cc @yuslepukhin for window question. |
Closing this via automation due to lack of activity. If discussion is still needed here, please re-open or create a new/updated issue. |
I think for windows users which are using rocksdb within services and so on it is very important. |
We can keep it open but we don't have much windows expertise within our team. We mostly rely on @yuslepukhin for supporting RocksDB on windows. |
@soerendd I have done something similar to support memory isolation with rocksdb internally. Basically, we wanted to have that every db instance within the process has its own memory pool where the allocation would come from. However, as you know there are global things such as environment and the threadpool which can do things on behalf of different instances. Here is the approach that I used and you can use too.
I have striven to avoid modification of the main source since mine is , and your's as well, not a common case though. It seems to me that mine is more common than yours since you care about security. :) |
So in the end I get the impression that rocksdb is not really targeting the windows platform. Otherwise this issue would be left active. Shall I create a pr for the implementation? |
@soerendd PRs are always welcome if they have tests and improve the situation :-) |
presumptions:
rocksdb opens the database with success. Some functions (compacting?) are failing because they try to open files or try to move (rename) files because they run in a background thread. On windows newly created threads are running as the process user (and not as a impersonated user)
This is somewhat inconsistent, because there is no error when opening the database and also when inserting values (sometimes inserts fail - because files needs to be created/moved)
Solution could be that the database instance stores the impersonation (DuplicateTokenEx). Every tasks that starts for that specific database also gets that token and impersonates at the very beginning of execution of the task and reverts after the work is done.
PS: Thank you all for this wonderful piece of software.
The text was updated successfully, but these errors were encountered: