В Срд, 25.01.2006, в 18:47, Herbert Poetzl пишет:
> On Wed, Jan 25, 2006 at 03:35:23PM +0100, Andreas Schultz wrote:
> > Hi,
> >
> > It seems that abstract UNIX sockets "leak" from a vserver. I'm trying to run
> > the same java app inside two vservers and only the first one started
> > succeeds.
> >
> > The critical piece from strace is:
> >
> > 20397 socket(PF_FILE, SOCK_STREAM, 0) = 5
> > 20397 setsockopt(5, SOL_SOCKET, SO_PASSCRED, [7738151124464566273], 4) = 0
> > 20397 bind(5, {sa_family=AF_FILE, [EMAIL
> > PROTECTED]/run/.php-java-bridge_socket}, 110) = -1 EADDRINUSE (Address
> > already in use)
> >
> > Looking at unix_bind() in net/unix/af_unix.c, it would seem that the socket
> > hashes are identical across all vservers and that no additional context
> > check
> > is used. There is a context check in include/net/af_unix.h, but this
> > does not seem to be used when creating sockets from unix_bind().
> >
> > Any ideas?
>
> this should help ...
>
> --- linux-2.6.16-rc1/net/unix/af_unix.c 2006-01-21 18:28:17 +0100
> +++ linux-2.6.16-rc1/net/unix/af_unix.c 2006-01-25 17:22:11 +0100
> @@ -238,6 +238,8 @@ static struct sock *__unix_find_socket_b
> sk_for_each(s, node, &unix_socket_table[hash ^ type]) {
> struct unix_sock *u = unix_sk(s);
>
> + if (!vx_check(s->sk_xid, VX_IDENT|VX_WATCH))
> + continue;
> if (u->addr->len == len &&
> !memcmp(u->addr->name, sunname, len))
> goto found;
>
> thanks for spotting this ...
>
this not a full fix.
this not fix issue for FS based unix sockets.
--
FreeVPS Developers Team http://www.freevps.com
Positive Software http://www.psoft.net
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
