[Libguestfs] [PATCH libnbd 2/2] api: Implement local command with systemd socket activation.

Richard W.M. Jones rjones at redhat.com
Fri Sep 27 07:53:05 UTC 2019 

On Thu, Sep 26, 2019 at 04:22:31PM -0500, Eric Blake wrote:
> On 9/26/19 11:40 AM, Richard W.M. Jones wrote:
> >This adds new APIs for running a local NBD server and connecting to it
> >using systemd socket activation (instead of stdin/stdout).
> >
> >This includes interop tests against nbdkit and qemu-nbd which I
> >believe are the only NBD servers supporting socket activation.  (If we
> >find others then we can add more interop tests in future.)
> >
> >The upstream spec for systemd socket activation is here:
> >http://0pointer.de/blog/projects/socket-activation.html
> >---
> 
> >+
> >+  /* Use /tmp instead of TMPDIR because we must ensure the path is
> >+   * short enough to store in the sockaddr_un.  On some platforms this
> >+   * may cause problems so we may need to revisit it.  XXX
> >+   */
> >+  h->sa_tmpdir = strdup ("/tmp/libnbdXXXXXX");
> >+  h->sa_sockpath = strdup ("/tmp/libnbdXXXXXX/sock");
> >+  if (h->sa_tmpdir == NULL || h->sa_sockpath == NULL) {
> >+    SET_NEXT_STATE (%.DEAD);
> >+    set_error (errno, "strdup");
> >+    return 0;
> >+  }
> >+
> >+  if (mkdtemp (h->sa_tmpdir) == NULL) {
> >+    SET_NEXT_STATE (%.DEAD);
> >+    set_error (errno, "mkdtemp");
> >+    return 0;
> >+  }
> >+  len = strlen (h->sa_tmpdir);
> >+  memcpy (h->sa_sockpath, h->sa_tmpdir, len);
> >+
> >+  s = socket (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
> >+  if (s == -1) {
> >+    SET_NEXT_STATE (%.DEAD);
> >+    set_error (errno, "socket");
> >+    return 0;
> >+  }
> >+
> >+  addr.sun_family = AF_UNIX;
> >+  memcpy (addr.sun_path, h->sa_sockpath, strlen (h->sa_sockpath) + 1);
> 
> What if we used the abstract socket namespace instead?  Then we
> don't have to worry about mkdtmp or cleanup of the socket file.
> True, that may only work on Linux, but we could add an API to query
> if we support socket activation (true on Linux, false on BSD)...

AIUI the abstract socket space is not secure because anyone who can
list it (‘lsof -U’) could connect to the socket.  We'd have to add a
way for nbdkit to check the connecting process has the same UID using
SO_PEERCRED.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v

More information about the Libguestfs mailing list