Date: Wed, 22 Sep 1999 15:28:39 +0200
From: Graham Wheeler <gram@cequrux.com>
To: hackers@FreeBSD.ORG
Subject: Re: Domain sockets and chroot
Message-ID: <37E8D987.42DBA2E0@cequrux.com>
References: <37E8D481.5A8C484A@cequrux.com>

Graham Wheeler wrote:
>
> Hi all
>
> I have an interesting problem. I have two processes that need to
> communicate via a domain socket. One of the processes (the client)
> runs in a chrooted environment.
>
> The server creates a domain socket to listen for requests with the
> path /cage/tmp/server. The client runs chrooted in the /cage directory,
> and creates a domain socket /tmp/client.<pid>. It sends a request to
> the server with a sendto() specifying the socket address /tmp/server.
> The server received the request okay, but gets the sender socket address
> /tmp/client.<pid> ; i.e. it is the chrooted view of the client socket.
> If it tries to send back a response, it fails (no such file or
> directory).
>
> I have tried having the server prepend /cage to the client socket
> address before sending the response, but this has made no difference,
> even though (in the non-chrooted view) /cage/tmp/client.<pid> clearly
> does exist.

I've solved this part at least - I wasn't increasing the socket address
size argument in the sendto().

Nonetheless, it still strikes me as a problem that the two processes
can't communicate with the socket address and size being tweaked
manually in between. Solving this so that the translation is done
automatically could be tricky, though...

--
Dr Graham Wheeler                          E-mail: gram@cequrux.com
Cequrux Technologies                       Phone:  +27(21)423-6065/6/7
Firewalls/Virtual Private Networks         Fax:    +27(21)24-3656
Data/Network Security Specialists          WWW:    http://www.cequrux.com/
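
The fix described in the message above (prepend the chroot directory to the sender's address and pass the correspondingly larger length to sendto()), as an added example that is not part of the original post. The names `translate_peer` and `cage` are hypothetical, and the rejection of ".." components is an extra check the post does not mention.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/*
 * Rewrite a sender address as seen inside the chroot into the server's
 * view by prepending the chroot directory (cage, e.g. "/cage").
 * Returns the address length to pass to sendto(), or 0 if the address
 * cannot be translated. Hypothetical helper, not from the original post.
 */
socklen_t
translate_peer(const struct sockaddr_un *from, socklen_t fromlen,
    const char *cage, struct sockaddr_un *out)
{
    const size_t hdr = offsetof(struct sockaddr_un, sun_path);
    size_t clen = strlen(cage), max, plen;
    const char *p, *nul;

    /* An unbound sender has no path to reply to. */
    if (fromlen <= hdr || from->sun_family != AF_UNIX)
        return 0;
    /* sun_path from recvfrom() is not guaranteed to be NUL-terminated. */
    p = from->sun_path;
    max = fromlen - hdr;
    nul = memchr(p, '\0', max);
    plen = nul ? (size_t)(nul - p) : max;
    if (plen == 0 || p[0] != '/')
        return 0;
    /* The sender chose this string in bind(); once prefixed, a ".."
     * component would resolve outside the cage in the server's view. */
    for (size_t i = 0; i + 2 < plen; i++)
        if (p[i] == '/' && p[i + 1] == '.' && p[i + 2] == '.' &&
            (i + 3 == plen || p[i + 3] == '/'))
            return 0;
    if (clen + plen + 1 > sizeof(out->sun_path))
        return 0;
    memset(out, 0, sizeof(*out));
    out->sun_family = AF_UNIX;
    memcpy(out->sun_path, cage, clen);
    memcpy(out->sun_path + clen, p, plen);
    /* The length must cover the longer path; reusing fromlen here
     * truncates the path and the reply fails. */
    return (socklen_t)(hdr + clen + plen + 1);
}
```

The server would call this on the address filled in by recvfrom() and pass both `out` and the returned length to sendto().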