[lxc-devel] [lxd/master] forkproxy: handle mnts for abstract unix sockets

brauner on Github lxc-bot at linuxcontainers.org
Thu Apr 18 23:11:14 UTC 2019


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 445 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190418/13482170/attachment-0001.bin>
-------------- next part --------------
From df4b6752875ab8e0c0e645d53b28b935aa93eded Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Fri, 19 Apr 2019 01:09:33 +0200
Subject: [PATCH] forkproxy: handle mnts for abstract unix sockets

We only need to attach to the mount namespace for non-abstract unix
sockets.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/main_forkproxy.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lxd/main_forkproxy.go b/lxd/main_forkproxy.go
index 6e253d2a66..dc1563d6a7 100644
--- a/lxd/main_forkproxy.go
+++ b/lxd/main_forkproxy.go
@@ -91,6 +91,7 @@ void forkproxy()
 {
 	unsigned int needs_mntns = 0;
 	int connect_pid, listen_pid, log_fd;
+	size_t unix_prefix_len = sizeof("unix:") - 1;
 	ssize_t ret;
 	pid_t pid;
 	char *connect_addr, *cur, *listen_addr, *log_path, *pid_path;
@@ -138,10 +139,14 @@ void forkproxy()
 		    _exit(EXIT_FAILURE);
 	}
 
-	if (strncmp(listen_addr, "unix:", sizeof("unix:") - 1) == 0)
+	// We only need to attach to the mount namespace for
+	// non-abstract unix sockets.
+	if ((strncmp(listen_addr, "unix:", unix_prefix_len) == 0) &&
+	    (listen_addr[unix_prefix_len] != '@'))
 		    needs_mntns |= LISTEN_NEEDS_MNTNS;
 
-	if (strncmp(connect_addr, "unix:", sizeof("unix:") - 1) == 0)
+	if ((strncmp(connect_addr, "unix:", unix_prefix_len) == 0) &&
+	    (connect_addr[unix_prefix_len] != '@'))
 		    needs_mntns |= CONNECT_NEEDS_MNTNS;
 
 	ret = socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sk_fds);


More information about the lxc-devel mailing list