From: Cedric Le Goater <clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
To: "Denis V. Lunev" <den-3ImXcnM4P+0@public.gmane.org>
Cc: containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org,
den-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
benjamin.thery-6ktuUTfB/bM@public.gmane.org
Subject: Re: [patch 0/1][NETNS49] Make af_unix autobind per namespace
Date: Wed, 03 Oct 2007 15:11:44 +0200 [thread overview]
Message-ID: <47039510.7040001@fr.ibm.com> (raw)
In-Reply-To: <47034F4F.5000901-3ImXcnM4P+0@public.gmane.org>
Denis V. Lunev wrote:
> Daniel Lezcano wrote:
>> Eric W. Biederman wrote:
>>> Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org> writes:
>>>
>>>> The following patch change autobind fonction to use the ordernum
>>>> from the network namespace instead of using the local static variable.
>>> Why do we care?
>>> Information leak?
>>> Some application is expecting a predictable autobind value?
>>>
>>> Just skimming the code it looks like it will work correctly without
>>> this.
>> I think my summary is ... too short :)
>>
>> I don't see any applications taking care of this. If they ask for an
>> abstract socket, then they don't care about the bind result. So
>> probably, the patchset is totally useless.
>>
>> But from the POV of the checkpoint/restart, we should check if this
>> value is somewhere visible from userspace and so storable by an
>> application.
>
> we do not care with this in checkpointing. One namespace socket does not
> see other namespace socket
my 2 cnts,
when 'restarting' a socket bound to an abstract name, we will have
a EADDRINUSE if we try to rebind it to an abtract name which is
already in use by a socket in a another namespace ?
it seems to me that this is an identifier and like any identifier
it should be private to the namespace, which probably means having
unix_abstract_socket_table[] per net namespace.
Cheers,
C.
next prev parent reply other threads:[~2007-10-03 13:11 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-02 15:18 [patch 0/1][NETNS49] Make af_unix autobind per namespace Daniel Lezcano
2007-10-02 15:18 ` [patch 1/1][NETNS49] Make af_unix autobind per network namespace Daniel Lezcano
[not found] ` <20071002151846.827206013-WECHFHqYCmGD/CxQmPlnQ0FT0OZdM7KVQQ4Iyu8u01E@public.gmane.org>
2007-10-02 15:31 ` [patch 0/1][NETNS49] Make af_unix autobind per namespace Daniel Lezcano
2007-10-02 17:18 ` Eric W. Biederman
[not found] ` <m1fy0tjv04.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-02 20:51 ` Daniel Lezcano
[not found] ` <4702AF67.1010707-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-02 22:43 ` Eric W. Biederman
[not found] ` <m1myv1gmsl.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-03 8:35 ` Daniel Lezcano
2007-10-03 8:14 ` Denis V. Lunev
[not found] ` <47034F4F.5000901-3ImXcnM4P+0@public.gmane.org>
2007-10-03 13:11 ` Cedric Le Goater [this message]
[not found] ` <47039510.7040001-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-03 14:36 ` Eric W. Biederman
[not found] ` <m1przwe03e.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-03 15:34 ` Cedric Le Goater
2007-10-03 8:11 ` Denis V. Lunev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47039510.7040001@fr.ibm.com \
--to=clg-nmtc/0zbporqt0dzr+alfa@public.gmane.org \
--cc=benjamin.thery-6ktuUTfB/bM@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=den-3ImXcnM4P+0@public.gmane.org \
--cc=den-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.