On Wed, Jan 25, 2006 at 03:35:23PM +0100, Andreas Schultz wrote:
> Hi,
>
> It seems that abstract UNIX sockets "leak" from a vserver. I'm trying to run
> the same java app inside two vservers and only the first one started succeeds.
>
> The critical piece from strace is:
>
> 20397 socket(PF_FILE, SOCK_STREAM, 0) = 5
> 20397 setsockopt(5, SOL_SOCKET, SO_PASSCRED, [7738151124464566273], 4) = 0
> 20397 bind(5, {sa_family=AF_FILE, path=@var/run/.php-java-bridge_socket}, 110) = -1 EADDRINUSE (Address already in use)
>
> Looking at unix_bind() in net/unix/af_unix.c, it would seem that the socket
> hashes are identical across all vservers and that no additional context check
> is used. There is a context check in include/net/af_unix.h, but this
> does not seem to be used when creating sockets from unix_bind().
>
> Any ideas?
this should help ...
--- linux-2.6.16-rc1/net/unix/af_unix.c 2006-01-21 18:28:17 +0100
+++ linux-2.6.16-rc1/net/unix/af_unix.c 2006-01-25 17:22:11 +0100
@@ -238,6 +238,8 @@ static struct sock *__unix_find_socket_b
sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
struct unix_sock *u = unix_sk(s);
+ if (!vx_check(s->sk_xid, VX_IDENT|VX_WATCH))
+ continue;
if (u->addr->len == len &&
!memcmp(u->addr->name, sunname, len))
goto found;
thanks for spotting this ...
best,
Herbert
> Regards
> Andreas
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed Jan 25 16:47:28 2006