[lxc-devel] [PATCH] Use container specific domain socket name

Mon Apr 15 18:05:54 UTC 2013

Hi Serge,

I was just following your lead as you said you don't wan't any long running
monitor daemon :) Also I'm not sure how does that daemon is going to help
starting multiple containers concurrently using only API. I'm guessing the
first request will cause that daemon to start and it will never end
unless specifically told it to shutdown?

Cheers,

On Mon, Apr 15, 2013 at 1:18 PM, Serge Hallyn <serge.hallyn at ubuntu.com>wrote:

> Quoting Daniel Lezcano (daniel.lezcano at free.fr):
> > On 04/15/2013 07:53 AM, S.Çağlar Onur wrote:
> > > Hi Daniel,
> > >
> > >
> > > On Sun, Apr 14, 2013 at 4:42 PM, Daniel Lezcano
> > > <daniel.lezcano at free.fr <mailto:daniel.lezcano at free.fr>> wrote:
> > >
> > >     On 04/14/2013 09:56 PM, S.Çağlar Onur wrote:
> > >     > Hi all,
> > >     >
> > >     > I had some free time today so I tried to implement something
> using
> > >     > AF_INET messages over loopback broadcast address. I'm not
> including
> > >     > the patch here because gmail web interface damages it and that's
> > >     what
> > >     > I use right now so please use [1] to see it.
> > >     >
> > >     > I'm sending it to get your feedback and will submit it to list
> > >     if you
> > >     > are OK with that approach.
> > >     >
> > >     > P.S: I used 51423 as the port but of course it can be changed
> > >     > accordingly.
> > >     >
> > >     > [1]
> > >     >
> > >
> https://github.com/caglar10ur/lxc-upstream/commit/123b20e2945ed2b4bc9e6e27b9ef398ec8fcae40.patch
> > >
> > >     Thanks for this code !
> > >
> > >     It sounds like the approach seems ok. My concern is the same than
> > >     Serge,
> > >     what can we do to ensure an event was sent by a container ?
> > >
> > >     We don't want someone to send fake events via UDP. We can't
> tolerate a
> > >     simple program messing a container supervisor and all the
> containers
> > >     (running an OS instance).
> > >
> > >     Assuming an user, which is not root, can't build an IP packet, we
> can
> > >     rely on the IP identification number to detect fake packets, no ?
> > >
> > >
> > > I'm not sure about the right answer of that question. I was under the
> > > impression that we are safe since kernel only allows root user to send
> > > broadcast packages over loopback interface but I might
> > > be completely wrong.
> >
> > I don't find a confirmation about this anywhere. Do you have a pointer ?
> > If it is the case, then that's cool because we are safe on this side.
>
> Though since we want unprivileged container use, I don't particularly
> like that.
>
> That's another reason I was hoping to stick with AF_UNIX.  Then we can
> have a monitor socket per lxcpath (/var/lib/lxc, /home/serge/lxcbase,
> etc).
>
> One of the funky solutiosn I was considering was that the first person
> to run lxc-monitor - who has wwrite access to the lxcpath - would simply
> cause a long-running monitor daemon to start, creating the unix socket
> and listening+accepting and forking of handlers.  (lxc-monitor --end
> would kill the listening handler if we wanted, though that should be
> so lightweight as to not matter)
>
> > Is your code tested ? I mean, did you validate monitoring the events
> > works with this approach ?
> >
> > Thanks
> >   -- Daniel
> >
>

-- 
S.Çağlar Onur <caglar at 10ur.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20130415/2335ac7a/attachment.html>