[systemd-devel] [PATCH] Handle Unix domain socket connections from outside our namespace

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Sat Apr 19 11:30:10 PDT 2014


On Sat, Apr 19, 2014 at 01:58:03PM +0200, Kay Sievers wrote:
> On Thu, Apr 17, 2014 at 4:24 AM, Zbigniew Jędrzejewski-Szmek
> <zbyszek at in.waw.pl> wrote:
> > On Wed, Apr 16, 2014 at 06:39:07PM +0200, Eelco Dolstra wrote:
> >> NixOS uses Unix domain sockets for certain host <-> container
> >> interaction; i.e. the host connects to a socket visible in the
> >> container's directory tree, where the container uses a .socket unit to
> >> spawn the handler program on demand. This worked in systemd 203, but
> >> in 212 fails with "foo.socket failed to queue service startup job
> >> (Maybe the service file is missing or not a template unit?): No data
> >> available".
> >>
> >> The reason is that getpeercred() now returns ENODATA if it can't get
> >> the PID of the client, which happens in this case because the client
> >> is not in the same PID namespace. Since getpeercred() is only used to
> >> generate the instance name, this patch simply handles ENODATA by
> >> creating an instance name "<nr>-unknown".
> > Applied, but I changed the order of clauses in the if, because the
> > thin 'return k' between the two asprintfs was bothering me :)
> 
> PID1 crashes with this code, I have reverted the commit for now.
> Please have a look.
> 
> systemd[1]: Code should not be reached 'Unhandled socket type.'
>                    at src/core/socket.c:684, function
> instance_from_socket(). Aborting.
> systemd[1]: Caught <ABRT>, dumped core as pid 336.
> systemd[1]: Freezing execution.
Yikes. I admit I didn't boot the machine with it... sorry.

Zbyszek


