Names pipes may be used between zones when Trusted Extensions is enabled. The 
policy for data flow between zones is generally more restrictive when TX is 
enabled, but in this case it is slightly more open. The specific policy 
difference is implemented in the function tsol_fifo_access().

This policy is also depends a few other assumptions, such as that lofs mount 
are established between zones when they are booted. One of the problems in the 
standard implementation is that the fifofs logic doesn't follow lofs mounts to 
find the real vnode. So the connection logic doesn't find a match since the 
pathnames are in different file systems. The following code in fifovp() was 
needed to record the proper vnode.

    405      / * In Trusted Extensions cross-zone named pipes
    406          * are supported subject to the MAC policy. Since
    407          * cross-zone access is done using lofs mounts,
    408          * it is necessary to use the real vnode so that
    409          * matching ends of the fifo can find each other.
    410          */
    411         if (is_system_labeled()) {
    412                 vnode_t *rvp;
    414                 if (VOP_REALVP(vp, &rvp) == 0)
    415                         vp = rvp;
    416         }
This message posted from
zones-discuss mailing list

Reply via email to