From: Gao feng <gaofeng@cn.fujitsu.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: netdev@vger.kernel.org, systemd-devel@lists.freedesktop.org,
	lxc-devel@lists.sourceforge.net, davem@davemloft.net,
	Linux Containers <containers@lists.linux-foundation.org>,
	"libvir-list@redhat.com" <libvir-list@redhat.com>
Subject: Re: [PATCH] netns: unix: only allow to find out unix socket in same net namespace
Date: Wed, 21 Aug 2013 15:22:42 +0800
Message-ID: <52146AC2.5070409@cn.fujitsu.com>
In-Reply-To: <87wqnfttdf.fsf@xmission.com>

On 08/21/2013 03:06 PM, Eric W. Biederman wrote:
> Gao feng <gaofeng@cn.fujitsu.com> writes:
> 
>> cc libvirt-list
>>
>> On 08/21/2013 01:30 PM, Eric W. Biederman wrote:
>>> Gao feng <gaofeng@cn.fujitsu.com> writes:
>>>
>>>> Unix sockets are private resources of net namespace,
>>>> allowing one net namespace to access to other netns's unix
>>>> sockets is meaningless.
>>>
>>> Allowing one net namespace to access another netns's unix socket is
>>> deliberate behavior.  This is a desired and useful feature, and
>>> only a misconfiguration of visible files would allow this to be a
>>> problem.
>>>
>>>> I'm researching a problem about shutting down from a container:
>>>> if the container shares the same file /run/systemd/private
>>>> with the host, when we run shutdown -h xxx in the container, the
>>>> shutdown message will be sent to systemd-shutdownd
>>>> through the unix socket /run/systemd/private, and because
>>>> systemd-shutdownd is running on the host, the host
>>>> will finally be shut down.
>>>
>>> The simple answer is don't do that then.  I can see no reason
>>> to share /run outside of the container unless you want this kind of
>>> behavior.
>>>
>>> Quite frankly I want this behavior if I am using network namespaces
>>> to support multiple routing contexts. That is if I am using scripts
>>> like:
>>>
>>> ip netns add other
>>> ip netns exec other script
>>>
>>> I don't want to have to remember to say 
>>> ip netns orig exec shutdown -h now
>>>
>>> There are more compelling uses and there is no cost in supporting this
>>> in the kernel.
>>>
>>> What kind of misconfiguration caused someone to complain about this?
>>>
>>
>> libvirt lxc allows a user to set up a container which shares the same root
>> directory with the host.
>>
>> It seems that unix sockets whose sun_path is an abstract socket address
>> are net namespace aware.
>>
>> Should we use the "abstract" type of address instead of a file system pathname
>> for systemd in this case?
> 
> I suspect libvirt should simply not share /run or any other normally
> writable directory with the host.  Sharing /run, /var/run or even /tmp
> seems extremely dubious if you want some kind of containment without
> strange things spilling through.
> 

Right now I have only taken note of the unix socket /run/systemd/private,
but there may be many similar unix sockets; they can exist in any
path, so the strange problems will still happen.

Anyway, I will send a patch to set up a fresh tmpfs for the /run directory of
the container first.

Eric, thanks for your help!
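Added example, not from this thread and not code from systemd, libvirt or the kernel: a small C program that demonstrates the behaviour discussed above. It listens on one pathname unix socket and one abstract unix socket, then connects to each from the current network namespace and from a freshly unshared one. The pathname socket is located through its inode and accepts the cross-netns connect, which is why a shared /run lets a container reach the host's systemd socket; the abstract socket is looked up per net namespace and the connect fails with ECONNREFUSED. Creating the second netns needs CAP_SYS_ADMIN, or unprivileged user namespaces as a fallback; when neither is available the program reports that instead of guessing. The socket path under /tmp (or the current directory) and the socket names are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

enum addr_kind { ADDR_PATHNAME, ADDR_ABSTRACT };

/* Build an AF_UNIX address. A pathname address is the NUL-terminated file
 * path; an abstract address starts with a NUL byte and its length is the
 * number of bytes actually used, so bind() and connect() must agree on it. */
static socklen_t make_addr(struct sockaddr_un *sa, enum addr_kind kind,
                           const char *name)
{
    size_t n = strlen(name);
    if (n > sizeof sa->sun_path - 1) n = sizeof sa->sun_path - 1;
    memset(sa, 0, sizeof *sa);
    sa->sun_family = AF_UNIX;
    if (kind == ADDR_PATHNAME) {
        memcpy(sa->sun_path, name, n);
        return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n + 1);
    }
    memcpy(sa->sun_path + 1, name, n);
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n);
}

/* Create a listening socket on the given address; -1 on failure. */
static int listen_on(enum addr_kind kind, const char *name)
{
    struct sockaddr_un sa;
    socklen_t len = make_addr(&sa, kind, name);
    int fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (fd < 0) return -1;
    if (kind == ADDR_PATHNAME) unlink(name);
    if (bind(fd, (struct sockaddr *)&sa, len) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    /* Make the socket inode world-writable so that file permissions are
     * never what decides the outcome of the cross-namespace connect. */
    if (kind == ADDR_PATHNAME) chmod(name, 0777);
    return fd;
}

/* connect() to the address; returns 0 on success, otherwise errno. */
static int try_connect(enum addr_kind kind, const char *name)
{
    struct sockaddr_un sa;
    socklen_t len = make_addr(&sa, kind, name);
    int fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (fd < 0) return errno;
    int rc = connect(fd, (struct sockaddr *)&sa, len) == 0 ? 0 : errno;
    close(fd);
    return rc;
}

/* Like try_connect(), but from a child that first enters a fresh network
 * namespace (directly with CAP_SYS_ADMIN, or via a new user namespace when
 * unprivileged). Returns the child's result, or -1 if no netns was created. */
static int try_connect_from_new_netns(enum addr_kind kind, const char *name)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (unshare(CLONE_NEWNET) != 0 &&
            unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0)
            _exit(255);
        _exit(try_connect(kind, name) & 0xff);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

struct probe {
    int same_ns_path, same_ns_abstract; /* expected: 0, 0 */
    int new_ns_path, new_ns_abstract;   /* expected: 0, ECONNREFUSED (or -1, -1) */
};

/* Listen on one pathname and one abstract socket, then connect to each from
 * this netns and from a fresh one. Returns 0 when the probe ran. */
static int run_probe(struct probe *p)
{
    char path[64], abstract[64];
    snprintf(abstract, sizeof abstract, "netns-unix-demo.%ld", (long)getpid());
    snprintf(path, sizeof path, "/tmp/netns-unix-demo.%ld", (long)getpid());
    int lpath = listen_on(ADDR_PATHNAME, path);
    if (lpath < 0) { /* fall back to the current directory */
        snprintf(path, sizeof path, "./netns-unix-demo.%ld", (long)getpid());
        lpath = listen_on(ADDR_PATHNAME, path);
    }
    int labs = listen_on(ADDR_ABSTRACT, abstract);
    if (lpath < 0 || labs < 0) {
        if (lpath >= 0) { close(lpath); unlink(path); }
        if (labs >= 0) close(labs);
        return -1;
    }
    p->same_ns_path = try_connect(ADDR_PATHNAME, path);
    p->same_ns_abstract = try_connect(ADDR_ABSTRACT, abstract);
    p->new_ns_path = try_connect_from_new_netns(ADDR_PATHNAME, path);
    p->new_ns_abstract = try_connect_from_new_netns(ADDR_ABSTRACT, abstract);
    close(lpath);
    close(labs);
    unlink(path);
    return 0;
}

int main(void)
{
    struct probe p;
    if (run_probe(&p) != 0) { perror("probe"); return 1; }
    printf("same netns: pathname=%d abstract=%d\n", p.same_ns_path, p.same_ns_abstract);
    if (p.new_ns_path < 0)
        printf("could not create a new netns (need CAP_SYS_ADMIN or user namespaces)\n");
    else
        printf("new netns:  pathname=%d abstract=%d (ECONNREFUSED=%d)\n",
               p.new_ns_path, p.new_ns_abstract, ECONNREFUSED);
    return 0;
}
```

Run it as root (or with unprivileged user namespaces enabled) to see the asymmetry: the pathname socket answers from the new netns, the abstract one does not. This is also why moving systemd's socket to an abstract address, as suggested above, would only close this one path; any other pathname socket visible through a shared /run or /tmp behaves the same way, which is the reason a private tmpfs on /run is the more general fix.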
