[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal sen
|
From: |
Justus Winter |
|
Subject: |
Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv |
|
Date: |
Mon, 08 Aug 2016 23:21:57 +0200 |
|
User-agent: |
Notmuch/0.22+51~gcc1a6d2 (https://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu) |
Richard Braun <rbraun@sceen.net> writes:
> On Mon, Aug 08, 2016 at 04:54:47PM +0200, Justus Winter wrote:
>> Richard Braun <rbraun@sceen.net> writes:
>> > Why not start the translator from the remapped environment too ?
>>
>> No reason, but this has to be implemented. I started working on a
>> library for writing such chrooting translators, then got side-tracked by
>> the complexity of the dir_lookup operations. Currently, remap has a
>> very naive lookup function, fakeroot's is better, but still not
>> sufficient. I made some patches towards unifying and refactoring the
>> logic used in libdiskfs and libnetfs, but these functions are still huge
>> :/
>
> No, i mean, here, in such a specific case, if the parent translator is
> itself running from the remap env, it should used the custom pflocal
> instance, right ?
No, that doesn't help, because binding a unix socket involves setting a
passive translator, and that is still started by the filesystem
"outside" the chrooted environment:
teythoon@hurdbox /tmp % touch 1
teythoon@hurdbox /tmp % remap /servers/socket/1 /tmp/1 -- /bin/bash
bash: cannot make pipe for command substitution: (ipc/mig) bad request message
ID
teythoon@hurdbox:/tmp$ exit
/bin/settrans: fsys_goaway: (ipc/mig) server died
(eh, also it is tricky to set up, cannot use bash right away)
teythoon@hurdbox /tmp % remap /servers/socket/1 /tmp/1 -- /bin/sh
$ settrans -a 1 /hurd/pflocal
teythoon@hurdbox:/tmp$ python3
Python 3.5.2+ (default, Aug 5 2016, 08:07:14)
[GCC 6.1.1 20160705] on gnu0
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
>>> s.bind('/tmp/test.sock')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OSError: [Errno 1073741873] Cannot assign requested address
>>>
teythoon@hurdbox:/tmp$ showtrans test.sock
/hurd/ifsock
I firmly believe that the way to proceed is to teach such chrooting
translators to detect that a node has a passive translator record, and
instead of letting the filesystem start it, it must start the translator
on its own. Not only gives this much stronger isolation, it is also
necessary for correctness.
Justus
signature.asc
Description: PGP signature
- Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv, Esa Peuha, 2016/08/07
- Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv, Richard Braun, 2016/08/07
- Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv, Christian Seiler, 2016/08/08
- Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv, Justus Winter, 2016/08/08
- Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv, Christian Seiler, 2016/08/08
- Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv, Justus Winter, 2016/08/08
- Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv, Richard Braun, 2016/08/08
- Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv, Justus Winter, 2016/08/08
- Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv, Richard Braun, 2016/08/08
- Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv,
Justus Winter <=
Re: [PATCH] [hurd] pflocal/socket.c: Support MSG_DONTWAIT in pflocal send/recv, Olaf Buddenhagen, 2016/08/09