[lxc-users] Sharing abstract sockets inter-containers ?

Maxime Jourdan raptorteak at gmail.com
Sat Mar 11 13:27:44 UTC 2017


Hey Stewart, thanks for the socket proxy idea! Will definitely give it a go.

2017-03-10 15:18 GMT+01:00 Stewart Brodie <sbrodie at espial.com>:

> Maxime Jourdan <raptorteak at gmail.com> wrote:
>
> > Hello,
> >
> > One of the contained processes on my system exposes its communication
> > interface via an abstract socket. This socket is of the AF_UNIX family,
> > with the particularity of being accessible via a name rather than a socket
> > file with a path. This socket obeys the network namespace rules.
> >
> > Problem is that I need a few other containers to be able to connect to
> > this socket. But at the same time, I require containers to have different
> > network namespaces...
> >
> > Sharing regular AF_UNIX sockets was no big deal because I could just
> > bind-mount the socket path into the various containers. But these
> > abstract, pathless sockets are making it hard to share.
> >
> > A temporary solution has been to "whitelist" this specific socket name
> > inside the kernel directly, right before the namespace equal check, but
> > that's an ugly workaround.
> >
> > Any advice about elegantly sharing abstract sockets between containers is
> > gladly welcome :).
>
> The main way that I can think of that is non-invasive with respect to the
> kernel is to have a proxy process in the "server" container
> that also has a filesystem based UNIX domain socket (that you can bind
> mount, as usual) that your client can call to obtain a handle to the real
> socket.
>
> Your clients then send a request to the proxy for the socket handle.  Your
> proxy process can open and connect to the abstract socket and then
> return the socket handle back to the caller using ancillary data.
>
> If you're not familiar with that, effectively, it's a way of doing a
> cross-process dup() on a file descriptor.  The key search terms you need
> are: cmsg sendmsg recvmsg SCM_RIGHTS
>
>
> --
> Stewart Brodie
> Senior Software Engineer
> Espial UK
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
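The descriptor handoff suggested in the quoted reply, as an added example that is not part of the original thread: the proxy connects to the abstract socket inside the server's network namespace and passes the connected descriptor to a client over an ordinary AF_UNIX channel using SCM_RIGHTS. The function names (`connect_abstract`, `send_fd`, `recv_fd`) are hypothetical, and the code assumes Linux.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Added example (hypothetical names). Control buffer sized and aligned for one fd. */
union fdbuf { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; };

/* Proxy side: connect to an abstract socket; sun_path[0] == '\0' marks it abstract. */
int connect_abstract(const char *name) {
    struct sockaddr_un a = { .sun_family = AF_UNIX };
    size_t n = strlen(name);
    if (n == 0 || n > sizeof(a.sun_path) - 1) return -1;
    memcpy(a.sun_path + 1, name, n);
    int s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (s < 0) return -1;
    socklen_t len = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n);
    if (connect(s, (struct sockaddr *)&a, len) < 0) { close(s); return -1; }
    return s;
}

/* Proxy side: pass fd to the client over chan (the bind-mounted path socket). */
int send_fd(int chan, int fd) {
    char byte = 'F';                      /* at least one data byte must accompany the cmsg */
    struct iovec iov = { &byte, 1 };
    union fdbuf u = { .buf = {0} };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(chan, &m, 0) == 1 ? 0 : -1;
}

/* Client side: accept exactly one fd; reject truncated or unexpected control data. */
int recv_fd(int chan) {
    char byte;
    struct iovec iov = { &byte, 1 };
    union fdbuf u;
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(chan, &m, MSG_CMSG_CLOEXEC) != 1 || (m.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS
           || c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    int fd; memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
```

The received descriptor stays attached to the socket in the server's namespace, so the proxy is the place to decide which clients get one, for example by checking `SO_PEERCRED` on the channel before calling `send_fd`.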