I am sponsoring this fasttrack for Ric Aleshire & Lokanath Das of the Trusted Extensions team, and have set the timeout for one week from today, Thursday, August 14.
-Alan Coopersmith-           alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering

Template Version: @(#)sac_nextcase 1.66 04/17/08 SMI
This information is Copyright 2008 Sun Microsystems

1. Introduction
    1.1. Project/Component Working Name:
         Unix Domain Sockets for X11 clients in Trusted Extensions
    1.2. Name of Document Author/Supplier:
         Author: Richard Aleshire
    1.3  Date of This Document:
         06 August, 2008

4. Technical Description

This fast-track makes changes related to Trusted Extensions in the handling and use of Unix Domain sockets for X11 clients. A micro/patch release binding is requested.

Problem

The X11 server supports several transports: UNIX domain sockets, pipes, or TCP networking. In Trusted Extensions, X11 clients run in labeled zones and cannot use UNIX domain sockets to reach the X11 server in the global zone. Therefore they must rely on TCP connections, which implies that each zone must have a network interface.

A common TX configuration is to use "all-zones" interfaces, so that labeled zones and the global zone can share the same IP address. Labeled zone clients set their DISPLAY environment to the hostname of the global zone to connect to the X11 server. For example:

    DISPLAY=foobar:0

To avoid the requirement of configuring a network interface in each zone, the loopback interface is now configured automatically as an all-zones interface. Starting with Nevada build 82 and S10u6_03, it can be used by labeled zone clients for TCP X11 connections. This allowed settings like:

    DISPLAY=localhost:0
or
    DISPLAY=:0

to both work, as well. In the latter case, it worked because Xlib fell back to try localhost after UNIX domain failed.

However, starting in Nevada build 85, the X library has been changed to use UNIX domain sockets if the DISPLAY variable matches the local hostname (as it does with labeled zones). When a connection fails, it retries up to 4 more times, sleeping between each try, before falling back to another connection type (such as TCP). As a result, TX clients either fail to connect or take 15 seconds to make the connection. The only workaround we have now is to explicitly set the DISPLAY to localhost:0.

Solution

a) Allow labeled zones to access global zone X11 server via UNIX domain sockets

If Trusted Extensions is enabled, the kernel will permit labeled zones to connect to global zone clients if the global zone UNIX domain rendezvous file is made available to the zone via a loopback mount.

b) The X11 server will use a new rendezvous directory when TX is enabled.

Normally, the UNIX domain rendezvous files are in the directory /tmp/.X11-unix. To allow the rendezvous files to be exported to labeled zones, the directory pathname will be changed to: /var/tsol/door/.X11-unix. This directory pathname is chosen because /var/tsol/doors is already loopback mounted into every labeled zone, to export the door rendezvous files for nscd and the label daemon. To make this change transparent to clients, a symbolic link to /tmp/.X11-unix will be created in each zone, including the global zone.

This solution will permit labeled zone X11 clients to use any of the various DISPLAY environment variables they have been using previously, and not require the use of TCP.

6. Resources and Schedule
    6.4. Steering Committee requested information
        6.4.1. Consolidation C-team Name:
               X
    6.5. ARC review type: FastTrack
    6.6. ARC Exposure: open
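
The rendezvous layout described under Solution (b), as an added example that is not part of the original proposal or of the Solaris code: a Python check that the legacy path is a symbolic link resolving to the new directory and that the socket for a given DISPLAY exists there. The two directory paths are the ones quoted above; the `X<n>` socket file name is the standard X11 convention and is assumed here, and the function names are hypothetical.

```python
import os
import re
import stat
import sys

# Directory paths as quoted in the proposal; parameters so a test tree can be used.
LEGACY_DIR = "/tmp/.X11-unix"
TX_DIR = "/var/tsol/door/.X11-unix"


def display_number(display):
    """Extract the display number from DISPLAY values like ':0' or 'foobar:0.0'."""
    m = re.fullmatch(r"[^:]*:(\d+)(?:\.\d+)?", display)
    if m is None:
        raise ValueError("unparseable DISPLAY: %r" % display)
    return int(m.group(1))


def check_rendezvous(display, legacy_dir=LEGACY_DIR, tx_dir=TX_DIR):
    """Return a list of layout problems; an empty list means the layout is as described."""
    problems = []
    try:
        mode = os.lstat(legacy_dir).st_mode
        if not stat.S_ISLNK(mode):
            problems.append("%s is not a symbolic link" % legacy_dir)
        elif os.path.realpath(legacy_dir) != os.path.realpath(tx_dir):
            problems.append("%s resolves to %s, not %s"
                            % (legacy_dir, os.path.realpath(legacy_dir), tx_dir))
    except FileNotFoundError:
        problems.append("%s does not exist" % legacy_dir)
    # Assumption: the server names its socket X<display number> (X11 convention).
    sock = os.path.join(tx_dir, "X%d" % display_number(display))
    try:
        if not stat.S_ISSOCK(os.lstat(sock).st_mode):
            problems.append("%s is not a socket" % sock)
    except FileNotFoundError:
        problems.append("%s is missing" % sock)
    return problems


if __name__ == "__main__":
    found = check_rendezvous(os.environ.get("DISPLAY", ":0"))
    for p in found:
        print("FAIL:", p)
    sys.exit(1 if found else 0)
```

Run inside a zone, an empty result means a client using the legacy path reaches the exported socket; a "not a symbolic link" result means the path is still an ordinary directory rather than the link the proposal describes.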