On 08/21/2013 03:06 PM, Eric W. Biederman wrote:
Gao feng <gaofeng(a)cn.fujitsu.com> writes:
> cc libvirt-list
>
> On 08/21/2013 01:30 PM, Eric W. Biederman wrote:
>> Gao feng <gaofeng(a)cn.fujitsu.com> writes:
>>
>>> Unix sockets are private resources of net namespace,
>>> allowing one net namespace to access to other netns's unix
>>> sockets is meaningless.
>>
>> Allowing one net namespace to access another netns's unix socket is
>> deliberate behavior. This is a desired and useful feature, and
>> only a misconfiguration of visible files would allow this to be a
>> problem.
>>
>>> I'm researching a problem about shutdown from container,
>>> if the cotainer shares the same file /run/systemd/private
>>> with host, when we run shutdown -h xxx in container, the
>>> shutdown message will be send to the systemd-shutdownd
>>> through unix socket /run/systemd/private, and because
>>> systemd-shutdownd is running in host, so finally, the host
>>> will become shutdown.
>>
>> The simple answer is don't do that then. I can see no reason
>> to share /run outside of the container unless you want this kind of
>> behavior.
>>
>> Quite frankly I want this behavior if I am using network namespaces
>> to support multiple routing contexts. That is if I am using scripts
>> like:
>>
>> ip netns add other
>> ip netns exec other script
>>
>> I don't want to have to remember to say
>> ip netns orig exec shutdown -h now
>>
>> There are more compelling uses and there is no cost in supporting this
>> in the kernel.
>>
>> What kind of misconfiguration caused someone to complain about this?
>>
>
> libvirt lxc allows user to set up a container which shares the same root
> directory with host.
>
> seems like the unix sockets whose sun_path is an abstract socket address
> are net namespace aware.
>
> Should we use "abstract" type of address instead of a file system pathname
> for systemd in this case?
I suspect libvirt should simply not share /run or any other normally
writable directory with the host. Sharing /run /var/run or even /tmp
seems extremely dubious if you want some kind of containment, and
without strange things spilling through.
right now I only take note of the unix socket /run/systemd/private,
but there may have many similar unix sockets, they can exist in any
path. the strange problems will still happen.
anyway, I will send a patch to setup a fresh tmpfs for the /run directory of
container first.
Eric, Thanks for your help!