[systemd-devel] [PATCH] Handle Unix domain socket connections from outside our namespace

Kay Sievers kay at vrfy.org
Sat Apr 19 04:58:03 PDT 2014


On Thu, Apr 17, 2014 at 4:24 AM, Zbigniew Jędrzejewski-Szmek
<zbyszek at in.waw.pl> wrote:
> On Wed, Apr 16, 2014 at 06:39:07PM +0200, Eelco Dolstra wrote:
>> NixOS uses Unix domain sockets for certain host <-> container
>> interaction; i.e. the host connects to a socket visible in the
>> container's directory tree, where the container uses a .socket unit to
>> spawn the handler program on demand. This worked in systemd 203, but
>> in 212 fails with "foo.socket failed to queue service startup job
>> (Maybe the service file is missing or not a template unit?): No data
>> available".
>>
>> The reason is that getpeercred() now returns ENODATA if it can't get
>> the PID of the client, which happens in this case because the client
>> is not in the same PID namespace. Since getpeercred() is only used to
>> generate the instance name, this patch simply handles ENODATA by
>> creating an instance name "<nr>-unknown".
> Applied, but I changed the order of clauses in the if, because the
> thin 'return k' between the two asprintfs was bothering me :)

PID1 crashes with this code, I have reverted the commit for now.
Please have a look.

systemd[1]: Code should not be reached 'Unhandled socket type.' at src/core/socket.c:684, function instance_from_socket(). Aborting.
systemd[1]: Caught <ABRT>, dumped core as pid 336.
systemd[1]: Freezing execution.

Thanks,
Kay

