From: Graham Wheeler
Organization: Cequrux Technologies
Date: Wed, 22 Sep 1999 15:28:39 +0200
To: hackers@FreeBSD.ORG
Subject: Re: Domain sockets and chroot
Message-ID: <37E8D987.42DBA2E0@cequrux.com>
References: <37E8D481.5A8C484A@cequrux.com>

Graham Wheeler wrote:
>
> Hi all
>
> I have an interesting problem. I have two processes that need to
> communicate via a domain socket. One of the processes (the client)
> runs in a chrooted environment.
>
> The server creates a domain socket to listen for requests with the
> path /cage/tmp/server. The client runs chrooted in the /cage directory,
> and creates a domain socket /tmp/client.. It sends a request to
> the server with a sendto() specifying the socket address /tmp/server.
> The server received the request okay, but gets the sender socket address
> /tmp/client. ; i.e. it is the chrooted view of the client socket.
> If it tries to send back a response, it fails (no such file or
> directory).
>
> I have tried having the server prepend /cage to the client socket
> address before sending the response, but this has made no difference,
> even though (in the non-chrooted view) /cage/tmp/client. clearly
> does exist.

I've solved this part at least - I wasn't increasing the socket address
size argument in the sendto(). Nonetheless, it still strikes me as a
problem that the two processes can't communicate with the socket address
and size being tweaked manually in between. Solving this so that the
translation is done automatically could be tricky, though...

--
Dr Graham Wheeler                        E-mail: gram@cequrux.com
Cequrux Technologies                     Phone:  +27(21)423-6065/6/7
Firewalls/Virtual Private Networks       Fax:    +27(21)24-3656
Data/Network Security Specialists        WWW:    http://www.cequrux.com/
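
The manual translation described in the message, as an added example that is not code from the original post: the server rewrites the sender address returned by recvfrom() into its own view of the filesystem and recomputes the length it passes to sendto(). The function name `unchroot_addr` is hypothetical, and the rejection of ".." components is an assumption added here, since such a component would resolve outside the cage once the prefix is prepended.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Return 1 if the n-byte path p contains a ".." component. */
static int has_dotdot(const char *p, size_t n)
{
    for (size_t i = 0; i + 1 < n; i++)
        if (p[i] == '.' && p[i + 1] == '.' && (i == 0 || p[i - 1] == '/') &&
            (i + 2 == n || p[i + 2] == '/'))
            return 1;
    return 0;
}

/* Translate a peer address as seen inside the chroot (e.g. "/tmp/client.123")
 * into the server's view ("/cage/tmp/client.123"). On success returns 0 and
 * stores the address length to pass to sendto() in *tolen; on failure
 * returns -1 with errno set. */
int unchroot_addr(const char *root, const struct sockaddr_un *from,
                  socklen_t fromlen, struct sockaddr_un *to, socklen_t *tolen)
{
    size_t off = offsetof(struct sockaddr_un, sun_path);
    if (fromlen <= off || fromlen > sizeof(*from)) { errno = EINVAL; return -1; }

    /* sun_path from recvfrom() need not be NUL-terminated: bound it by fromlen. */
    size_t max = fromlen - off;
    const char *nul = memchr(from->sun_path, 0, max);
    size_t plen = nul ? (size_t)(nul - from->sun_path) : max;
    size_t rlen = strlen(root);

    /* Only absolute paths can be prefixed; ".." would escape the cage. */
    if (plen == 0 || from->sun_path[0] != '/' || has_dotdot(from->sun_path, plen)) {
        errno = EINVAL;
        return -1;
    }
    if (rlen + plen + 1 > sizeof(to->sun_path)) { errno = ENAMETOOLONG; return -1; }

    memset(to, 0, sizeof(*to));
    to->sun_family = AF_UNIX;
    memcpy(to->sun_path, root, rlen);
    memcpy(to->sun_path + rlen, from->sun_path, plen);
    /* The length grows with the prefix: header + full path + NUL. */
    *tolen = (socklen_t)(off + rlen + plen + 1);
    return 0;
}
```

The server would call this on the address filled in by recvfrom() and pass the resulting `to` and `*tolen` to sendto().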