Abstract unix sockets and session socket address

Thiago Macieira thiago at kde.org
Tue Dec 16 08:41:48 PST 2014

On Tuesday 16 December 2014 10:39:32 Alexander Larsson wrote:
> I'm currently working on a desktop "app" system using container
> technologies, and I'm running into an issue with dbus use of abstract
> sockets. In the long run I want to do fully sandboxed apps, which
> implies kdbus. However, at the moment I want to just use the container
> aspect to ease deployment of apps (use a separate runtime for the app
> and the host), and as such I want the apps to be able to talk to dbus.
> In general, abstract sockets are a bad idea whenever namespaces are
> involved. Abstract sockets exist in a global namespace for each network
> namespace in use. This means that you can't have an app in its own
> network namespace and still talk to the session bus. It also means that
> if you're sharing the network namespace with the host there is no way to
> disallow the app access to the session bus (or any other service on the
> host using abstract sockets).

I'm not sure I understand you here. If you're in the same network namespace, 
shouldn't you be allowed to access all the networking resources of that 
namespace? Conversely, if you have a different network namespace, resources may 
or may not be available depending on how the namespacing is done.

That said, the session bus socket is a network resource. If an app is in a 
different namespace, it stands to reason it may not be allowed to access other 
namespaces' resources.

> Regular non-abstract sockets are a much better fit for this. Since they
> exist in the regular filesystem tree they are naturally namespaced via
> the filesystem namespace, and you can easily "transplant" any particular
> socket from one namespace to the other using things like bind mounts. It
> also allows filesystem permission checks on the sockets.

Unless you have a different filesystem namespace, in which case it will break. I 
don't see how one is different from the other here.

> In a modern desktop linux the natural place to put the session socket is
> in XDG_RUNTIME_DIR, as this is a ephemeral location tied to the user
> login. In fact, the cleanup semantics of this directory solves the
> cleanup problems that caused dbus to use abstract sockets to begin with.
> I'm attaching a patch that lets you specify runtime=yes, or
> noabstract=yes in the listen address. With this you can have in your
> session.conf:
>   <listen>unix:tmpdir=/tmp,runtime=yes</listen>
> In fact, I would propose that we make this the new default, as its a
> no-op if XDG_RUNTIME_DIR is not set.

That looks good to me.

Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel Open Source Technology Center
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

More information about the dbus mailing list