From eugen@grosbein.net Mon Dec 13 16:53:51 2021
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 5370318D9432
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Mon, 13 Dec 2021 16:54:08 +0000 (UTC)
	(envelope-from eugen@grosbein.net)
Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JCSJw0QQYz4WWv;
	Mon, 13 Dec 2021 16:54:07 +0000 (UTC)
	(envelope-from eugen@grosbein.net)
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged))
	by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id 1BDGrxv4082093
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 13 Dec 2021 16:53:59 GMT
	(envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: arrowd@freebsd.org
Received: from [10.58.0.10] (dadvw [10.58.0.10])
	by eg.sd.rdtc.ru (8.16.1/8.16.1) with ESMTPS id 1BDGrwL1062737
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT);
	Mon, 13 Dec 2021 23:53:58 +0700 (+07)
	(envelope-from eugen@grosbein.net)
Subject: Re: What to use in place of abstract unix sockets?
To: Gleb Popov <arrowd@freebsd.org>, Alan Somers <asomers@freebsd.org>
References: <CALH631kYAz+_=p6VUhxzx0tz8eox804PCK5A9POxQkZTdThZCQ@mail.gmail.com>
 <F0BE714E-E25B-4A49-AA6E-B0E906374446@dons.net.au>
 <CALH631m8P_NG3nTZ1JQ2hhZMTrAMuuGjS8Ahz_qDMu1bFDCzkw@mail.gmail.com>
 <CAOtMX2ip78bYHHLmR0DC7mvy3yBkH0i74vtHQ=Lu-mFVLAtB=w@mail.gmail.com>
 <CALH631mxFTXX-F-fosnwQxdjBnzKN6Fy_NzzUQ=rgQ2ADJPCfA@mail.gmail.com>
Cc: freebsd-hackers <freebsd-hackers@freebsd.org>
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <91be3e0c-6c87-ef71-c54d-9049ab1ead84@grosbein.net>
Date: Mon, 13 Dec 2021 23:53:51 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@freebsd.org
MIME-Version: 1.0
In-Reply-To: <CALH631mxFTXX-F-fosnwQxdjBnzKN6Fy_NzzUQ=rgQ2ADJPCfA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT
	autolearn=disabled version=3.4.2
X-Spam-Report: 
	* -0.0 SHORTCIRCUIT No description available.
	* -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net
X-Rspamd-Queue-Id: 4JCSJw0QQYz4WWv
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-4.00 / 15.00];
	 REPLY(-4.00)[]
X-Spam: Yes
X-ThisMailContainsUnwantedMimeParts: N

13.12.2021 21:24, Gleb Popov wrote:

> On Sat, Dec 11, 2021 at 8:02 PM Alan Somers <asomers@freebsd.org> wrote:
> 
>> Since socketpair() doesn't work in this case, why not just use a UDP
>> socket bound to 127.0.0.1 ?
>>
> 
> This would introduce a bit of overhead as the packet would pass through the
> IP stack. Another problem is that the current code uses SOCK_STREAM socket
> type, which isn't supported by the UDP protocol. Maybe this would work with
> SCTP?
> Anyways, I'm going to try this only as a last resort.
> 
> OK, so far my options are:
> 1. Mount the directory containing UDS into chroot with nullfs.
> 2. Use PF_INET.
> 3. Do kernel-hacking and implement abstract sockets (as well as
> remount-to-readonly support for nullfs).
> 
> I'd go straight to #3 but with my skills/free time this would take a lot of
> time, so I'm going to try hacking it around with #1 and #2.
> 
> Thanks everyone for all the suggestions.

Is'nt hacking "the client" to open AF_UNIX socket before chroot() an option?