I have two IPC endpoints: the server part is a system service which calls Endpoint::new and then endpoint.set_security_attributes(SecurityAttributes::empty().allow_everyone_connect().
The client part is a user-level app which does read/write to it. An attempt to write to this endpoint from the client causes "Access denied" system error.
The problem goes away if I use allow_everyone_create and the code is guarded like this:
if cfg!(windows) {
endpoint.set_security_attributes(SecurityAttributes::allow_everyone_create()?);
} else {
endpoint.set_security_attributes(SecurityAttributes::empty().allow_everyone_connect()?);
}
The only difference as far as I can see is FILE_WRITE_DATA vs GENERIC_WRITE.
P.S. Another thing I noticed is that the API around SecurityAttributes is not very consistent: some methods are static, others require &self parameter.
I have two IPC endpoints: the server part is a system service which calls
Endpoint::newand thenendpoint.set_security_attributes(SecurityAttributes::empty().allow_everyone_connect().The client part is a user-level app which does read/write to it. An attempt to write to this endpoint from the client causes "Access denied" system error. The problem goes away if I use allow_everyone_create and the code is guarded like this:
The only difference as far as I can see is
FILE_WRITE_DATAvsGENERIC_WRITE.P.S. Another thing I noticed is that the API around SecurityAttributes is not very consistent: some methods are static, others require
&selfparameter.