Date:      Thu, 10 Dec 2009 09:43:07 +0000 (GMT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Ivan Voras <ivoras@freebsd.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: UNIX domain sockets on nullfs still broken?
Message-ID:  <alpine.BSF.2.00.0912100941010.23303@fledge.watson.org>
In-Reply-To: <hf0ngp$cpb$1@ger.gmane.org>
References:  <20091130142950.GA86528@logik.internal.network> <hf0lle$5mk$1@ger.gmane.org> <20091130150127.GA82188@logik.internal.network> <hf0ngp$cpb$1@ger.gmane.org>

On Mon, 30 Nov 2009, Ivan Voras wrote:

>> What's the sane solution, then, when the only method of communication is 
>> unix domain sockets?
>
> It is a security problem. I think the long-term solution would be to add a 
> sysctl analogous to security.jail.param.securelevel to handle this.
>
> I don't think there is a workaround right now.

I'm not sure I agree on the above, hence my comments about nullfs and unionfs. 
I see nullfs as intended to provide references (possibly masked to read-only) 
to the same fundamental object, and unionfs to provide independence between 
different consumers that see objects via different file system mounts.  As 
such, I'd expect UNIX domain sockets to "work" for inter-jail communication 
when using nullfs, and "not work" when using unionfs.  It's simply a property 
of the implementation of the linkage between VFS and UNIX domain sockets that 
they are currently both broken (in fact, someone tried to "fix" it with union 
mounts recently, running into the use-after-free bugs I mentioned, but also 
breaking the semantics in my view).

Robert N M Watson
Computer Laboratory
University of Cambridge


