UNIX domain sockets on nullfs still broken?
Robert Watson
rwatson at FreeBSD.org
Thu Dec 10 09:43:07 UTC 2009
On Mon, 30 Nov 2009, Ivan Voras wrote:
>> What's the sane solution, then, when the only method of communication is
>> unix domain sockets?
>
> It is a security problem. I think the long-term solution would be to add a
> sysctl analogous to security.jail.param.securelevel to handle this.
>
> I don't think there is a workaround right now.
I'm not sure I agree on the above, hence my comments about nullfs and unionfs.
I see nullfs as intended to provide references (possibly masked to read-only)
to the same fundamental object, and unionfs to provide independence between
different consumers that see objects via different file system mounts. As
such, I'd expect UNIX domain sockets to "work" for inter-jail communication
when using nullfs, and "not work" when using unionfs. It's simply a property
of the implementation of the linkage between VFS and UNIX domain sockets that
they are currently both broken (in fact, someone tried to "fix" it with union
mounts recently, running into the use-after-free bugs I mentioned, but also
breaking the semantics in my view).
Robert N M Watson
Computer Laboratory
University of Cambridge