Abstract unix sockets and session socket address
alexl at redhat.com
Tue Dec 16 01:39:32 PST 2014
I'm currently working on a desktop "app" system using container
technologies, and I'm running into an issue with dbus's use of abstract
sockets. In the long run I want to do fully sandboxed apps, which
implies kdbus. However, at the moment I want to just use the container
aspect to ease deployment of apps (use a separate runtime for the app
and the host), and as such I want the apps to be able to talk to dbus.
In general, abstract sockets are a bad idea whenever namespaces are
involved. Abstract sockets exist in a global namespace for each network
namespace in use. This means that you can't have an app in its own
network namespace and still talk to the session bus. It also means that
if you're sharing the network namespace with the host there is no way to
disallow the app access to the session bus (or any other service on the
host using abstract sockets).
Regular non-abstract sockets are a much better fit for this. Since they
exist in the regular filesystem tree they are naturally namespaced via
the filesystem namespace, and you can easily "transplant" any particular
socket from one namespace to the other using things like bind mounts. It
also allows filesystem permission checks on the sockets.
In a modern desktop Linux the natural place to put the session socket is
in XDG_RUNTIME_DIR, as this is an ephemeral location tied to the user
login. In fact, the cleanup semantics of this directory solve the
cleanup problems that caused dbus to use abstract sockets to begin with.
I'm attaching a patch that lets you specify runtime=yes, or
noabstract=yes in the listen address. With this you can have in your
In fact, I would propose that we make this the new default, as it's a
no-op if XDG_RUNTIME_DIR is not set.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3366 bytes
Desc: not available
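As an added example (not from this mail or its attached patch), the following Python audits a D-Bus address and flags entries that use abstract sockets, which the mail explains are reachable by every process sharing the network namespace and carry no filesystem permissions; it also encodes one reading of the proposed XDG_RUNTIME_DIR default. The `bus` socket name, the `unix:tmpdir=/tmp` fallback and the treatment of `tmpdir=` as abstract (reference dbus on Linux picks an abstract socket for it) are assumptions, not the patch's actual semantics.

```python
import os
from urllib.parse import unquote

def parse_address(address):
    """Split a D-Bus address ('unix:path=/x,guid=..;tcp:host=..') into
    (transport, {key: value}) tuples, unescaping %XX in the values."""
    entries = []
    for part in filter(None, address.split(";")):
        transport, _, rest = part.partition(":")
        params = {}
        for kv in filter(None, rest.split(",")):
            key, _, value = kv.partition("=")
            params[key] = unquote(value)
        entries.append((transport, params))
    return entries

def socket_scope(transport, params, runtime_dir):
    """Classify one entry: 'abstract' (reachable by every process in the
    network namespace, no filesystem permission check), 'runtime' (path
    socket under XDG_RUNTIME_DIR, so mount-namespaced and chmod-able),
    'path' (other filesystem socket) or 'other' (non-unix transport)."""
    if transport != "unix":
        return "other"
    # Assumption: tmpdir= lets the bus pick the name, and on Linux the
    # reference dbus then creates an abstract socket, so treat it as one.
    if "abstract" in params or "tmpdir" in params:
        return "abstract"
    path = params.get("path")
    if path is None:
        return "other"
    if runtime_dir and os.path.normpath(path).startswith(
            os.path.normpath(runtime_dir) + os.sep):
        return "runtime"
    return "path"

def audit_session_address(env):
    """Scope of each entry in DBUS_SESSION_BUS_ADDRESS, given an env dict."""
    entries = parse_address(env.get("DBUS_SESSION_BUS_ADDRESS", ""))
    runtime_dir = env.get("XDG_RUNTIME_DIR")
    return [socket_scope(t, p, runtime_dir) for t, p in entries]

def proposed_listen_address(env, fallback="unix:tmpdir=/tmp"):
    """Assumed reading of the proposed default: a path socket named 'bus'
    in XDG_RUNTIME_DIR when it is set, otherwise the previous address."""
    runtime_dir = env.get("XDG_RUNTIME_DIR")
    if not runtime_dir:
        return fallback
    return "unix:path=" + os.path.join(runtime_dir, "bus")
```

Run `audit_session_address(os.environ)` in a container that shares the host's network namespace: an `abstract` result means the host session bus is reachable from inside regardless of what the filesystem exposes.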