From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Denis V. Lunev"
Subject: Re: [patch 0/1][NETNS49] Make af_unix autobind per namespace
Date: Wed, 03 Oct 2007 12:14:07 +0400
Message-ID: <47034F4F.5000901@sw.ru>
References: <20071002151846.827206013@mai.toulouse-stg.fr.ibm.com> <4702AF67.1010707@fr.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
In-Reply-To: <4702AF67.1010707-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
To: Daniel Lezcano
Cc: containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org, den-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org, "Eric W. Biederman", benjamin.thery-6ktuUTfB/bM@public.gmane.org
List-Id: containers.vger.kernel.org

Daniel Lezcano wrote:
> Eric W. Biederman wrote:
>> Daniel Lezcano writes:
>>
>>> The following patch changes the autobind function to use the ordernum
>>> from the network namespace instead of using the local static variable.
>>
>> Why do we care?
>> Information leak?
>> Some application is expecting a predictable autobind value?
>>
>> Just skimming the code it looks like it will work correctly without
>> this.
>
> I think my summary is ... too short :)
>
> I don't see any applications taking care of this. If they ask for an
> abstract socket, then they don't care about the bind result. So
> probably, the patchset is totally useless.
>
> But from the POV of the checkpoint/restart, we should check if this
> value is somewhere visible from userspace and so storable by an
> application.

We do not care about this in checkpointing.
One namespace socket does not see other namespace sockets.

Regards,
    Den
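
The question raised in the quoted text, whether the autobind value is visible from userspace, can be checked directly on Linux. The program below is an added example, not code from this thread or from the patch: it autobinds two abstract AF_UNIX sockets and reads the kernel-chosen names back with getsockname(2). The helper name `autobind_name` is hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Autobind one AF_UNIX socket and copy the kernel-chosen abstract name
 * (without the leading NUL) into out. Returns the name length, or -1.
 * autobind_name is a hypothetical helper written for this example. */
static int autobind_name(char *out, size_t outlen, int *fd_out)
{
    struct sockaddr_un sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    /* addrlen == sizeof(sa_family_t) requests autobind (see unix(7)). */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa_family_t)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    /* Abstract address: sun_path[0] == '\0', then the name bytes. */
    int n = (int)len - (int)sizeof(sa_family_t) - 1;
    if (n <= 0 || sa.sun_path[0] != '\0' || (size_t)n >= outlen) {
        close(fd);
        return -1;
    }
    memcpy(out, sa.sun_path + 1, n);
    out[n] = '\0';
    *fd_out = fd;   /* keep the socket open so the name stays reserved */
    return n;
}

int main(void)
{
    char a[16], b[16];
    int fa, fb;
    if (autobind_name(a, sizeof(a), &fa) < 0 ||
        autobind_name(b, sizeof(b), &fb) < 0) {
        perror("autobind");
        return 1;
    }
    printf("socket A autobound to @%s\nsocket B autobound to @%s\n", a, b);
    close(fa);
    close(fb);
    return 0;
}
```

An application can store the returned name like any other address, which is the checkpoint/restart concern: the same abstract name has to be free in the namespace where the process is restored.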