Hello mailing list,
Daniel Lezcano wrote a patch that makes it possible to connect to a unix
domain socket that belongs to another network namespace.
The patch from Daniel Lezcano is as follows:
----------------------------------------------------snip-----8<-------
Subject: share af_unix socket through fs
From: Daniel Lezcano <daniel.lezc...@free.fr>
This patch allows connecting to a socket that belongs to another
network namespace but is visible via the file system.
The 'host' network namespace has to allow another network
namespace to use its sockets via sysctl:
echo 1 > /proc/sys/net/unix/share_via_fs
Signed-off-by: Daniel Lezcano <daniel.lezc...@free.fr>
---
include/linux/sysctl.h | 1 +
include/net/netns/unix.h | 1 +
kernel/sysctl_check.c | 1 +
net/unix/af_unix.c | 4 +++-
net/unix/sysctl_net_unix.c | 9 +++++++++
5 files changed, 15 insertions(+), 1 deletion(-)
Index: linux-2.6/include/net/netns/unix.h
===================================================================
--- linux-2.6.orig/include/net/netns/unix.h
+++ linux-2.6/include/net/netns/unix.h
@@ -7,6 +7,7 @@
struct ctl_table_header;
struct netns_unix {
int sysctl_max_dgram_qlen;
+ bool sysctl_share_via_fs;
struct ctl_table_header *ctl;
};
Index: linux-2.6/net/unix/af_unix.c
===================================================================
--- linux-2.6.orig/net/unix/af_unix.c
+++ linux-2.6/net/unix/af_unix.c
@@ -292,7 +292,8 @@ static struct sock *unix_find_socket_byi
&unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
struct dentry *dentry = unix_sk(s)->dentry;
- if (!net_eq(sock_net(s), net))
+ if (!sock_net(s)->unx.sysctl_share_via_fs &&
+ !net_eq(sock_net(s), net))
continue;
if (dentry && dentry->d_inode == i) {
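Review bot: The new condition in unix_find_socket_byinode() drops the namespace check for every path-bound socket of a namespace once `sysctl_share_via_fs` is set. From then on, whether a peer in another network namespace can connect depends only on whether it can reach the socket inode through the filesystem, plus whatever permission checks the caller applies to the path (not visible in this hunk). Nothing near the check records that trade-off; I would add a comment above it such as `/* Owner netns opted in via share_via_fs: cross-netns connect is then gated by filesystem access only. */`. The switch is per namespace rather than per socket, which looks coarse when only one socket is meant to be exposed, and the documentation should say so. The function body starts and ends outside this hunk.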
@@ -2228,6 +2229,7 @@ static int unix_net_init(struct net *net
int error = -ENOMEM;
net->unx.sysctl_max_dgram_qlen = 10;
+ net->unx.sysctl_share_via_fs = false;
if (unix_sysctl_register(net))
goto out;
Index: linux-2.6/net/unix/sysctl_net_unix.c
===================================================================
--- linux-2.6.orig/net/unix/sysctl_net_unix.c
+++ linux-2.6/net/unix/sysctl_net_unix.c
@@ -23,6 +23,14 @@ static ctl_table unix_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec
},
+ {
+ .ctl_name = NET_UNIX_SHARE_VIA_FS,
+ .procname = "share_via_fs",
+ .data = &init_net.unx.sysctl_share_via_fs,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec
+ },
{ .ctl_name = 0 }
};
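Review bot: The new `share_via_fs` entry sets `.maxlen = sizeof(int)` and uses `proc_dointvec`, but the field it points at is declared `bool sysctl_share_via_fs` in the include/net/netns/unix.h hunk, so the handler reads and writes an int-sized region through the address of a smaller object. On common ABIs that touches the bytes after the flag inside `struct netns_unix`, and on a big-endian machine writing 1 would probably leave the bool itself zero. Declaring the field as `int sysctl_share_via_fs;` keeps handler and storage in agreement. Since `proc_dointvec` accepts any integer, `proc_dointvec_minmax` with bounds 0 and 1 would also restrict the value to a flag. The entry is `.mode = 0644` and is registered per namespace, so it is worth confirming who can write it from inside a container.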
@@ -41,6 +49,7 @@ int unix_sysctl_register(struct net *net
goto err_alloc;
table[0].data = &net->unx.sysctl_max_dgram_qlen;
+ table[1].data = &net->unx.sysctl_share_via_fs;
net->unx.ctl = register_net_sysctl_table(net, unix_path, table);
if (net->unx.ctl == NULL)
goto err_reg;
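Review bot: `table[1].data` ties this assignment to the position of the `share_via_fs` entry in `unix_table`, and neither hunk records that dependency, so a later insertion into the table would silently repoint the sysctl at the wrong field. A short comment at the assignment, e.g. `/* index must match the entry order in unix_table[] */`, would make the coupling visible. unix_sysctl_register() begins and ends outside this hunk.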
Index: linux-2.6/include/linux/sysctl.h
===================================================================
--- linux-2.6.orig/include/linux/sysctl.h
+++ linux-2.6/include/linux/sysctl.h
@@ -297,6 +297,7 @@ enum
NET_UNIX_DESTROY_DELAY=1,
NET_UNIX_DELETE_DELAY=2,
NET_UNIX_MAX_DGRAM_QLEN=3,
+ NET_UNIX_SHARE_VIA_FS=4,
};
/* /proc/sys/net/netfilter */
Index: linux-2.6/kernel/sysctl_check.c
===================================================================
--- linux-2.6.orig/kernel/sysctl_check.c
+++ linux-2.6/kernel/sysctl_check.c
@@ -169,6 +169,7 @@ static const struct trans_ctl_table tran
/* NET_UNIX_DESTROY_DELAY unused */
/* NET_UNIX_DELETE_DELAY unused */
{ NET_UNIX_MAX_DGRAM_QLEN, "max_dgram_qlen" },
+ { NET_UNIX_SHARE_VIA_FS, "share_via_fs" },
{}
};
----------------------------------------------------snap----->8-------
With kernel version 2.6.33 this patch doesn't work anymore, as you
can see here:
----------------------------------------------------snip-----8<-------
u...@host:/usr/src/linux-2.6.33# patch -p1 <
../share-af-unix-socket-sysctl.patch
patching file include/net/netns/unix.h
patching file net/unix/af_unix.c
Hunk #2 succeeded at 2230 (offset 1 line).
patching file net/unix/sysctl_net_unix.c
Hunk #1 FAILED at 23.
Hunk #2 succeeded at 48 (offset -1 lines).
1 out of 2 hunks FAILED -- saving rejects to file
net/unix/sysctl_net_unix.c.rej
patching file include/linux/sysctl.h
Hunk #1 succeeded at 288 (offset -9 lines).
patching file kernel/sysctl_check.c
Hunk #1 FAILED at 169.
1 out of 1 hunk FAILED -- saving rejects to file kernel/sysctl_check.c.rej
----------------------------------------------------snap----->8-------
Does anybody know whether an updated version of this patch (working with
2.6.33) exists?
Thank you very much
Julian Thomé