Denis V. Lunev wrote:
> Daniel Lezcano wrote:
>> Eric W. Biederman wrote:
>>> Daniel Lezcano <dlezcano@xxxxxxxxxx> writes:
>>>
>>>> The following patch changes the autobind function to use the ordernum
>>>> from the network namespace instead of using the local static variable.
>>> Why do we care?
>>> Information leak?
>>> Some application is expecting a predictable autobind value?
>>>
>>> Just skimming the code it looks like it will work correctly without
>>> this.
>> I think my summary is ... too short :)
>>
>> I don't see any applications taking care of this. If they ask for an
>> abstract socket, then they don't care about the bind result. So
>> probably, the patchset is totally useless.
>>
>> But from the POV of the checkpoint/restart, we should check if this
>> value is somewhere visible from userspace and so storable by an
>> application.
>
> we do not care about this in checkpointing. One namespace socket does not
> see other namespace socket

my 2 cents,

when 'restarting' a socket bound to an abstract name, we will have an
EADDRINUSE if we try to rebind it to an abstract name which is already in
use by a socket in another namespace?

it seems to me that this is an identifier and like any identifier it
should be private to the namespace, which probably means having
unix_abstract_socket_table[] per net namespace.

Cheers,

C.
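The collision raised in the message above can be observed from userspace. The following is an added example, not part of the original thread and not kernel code; the function names and the socket name `ckpt-demo` are constructed for illustration. It binds an abstract name, shows that a second bind in the same namespace fails, then retries from a child in a new network namespace: the child's bind succeeds when abstract names are scoped per network namespace and fails with `EADDRINUSE` when the table is global.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bind a new AF_UNIX socket to abstract name "\0<name>"; fd or -errno. */
int bind_abstract(const char *name)
{
    struct sockaddr_un a = { .sun_family = AF_UNIX };
    size_t n = strlen(name);
    if (n > sizeof(a.sun_path) - 1) return -ENAMETOOLONG;
    memcpy(a.sun_path + 1, name, n);   /* sun_path[0] stays '\0': abstract */
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    socklen_t len = offsetof(struct sockaddr_un, sun_path) + 1 + n;
    if (bind(fd, (struct sockaddr *)&a, len) < 0) { int e = errno; close(fd); return -e; }
    return fd;
}

/* "Restart" the same name from a child in a fresh network namespace.
 * Returns 0 if bind succeeded, the bind errno if not, -1 if unshare was refused. */
int rebind_in_new_netns(const char *name)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0 && unshare(CLONE_NEWNET) < 0)
            _exit(255);
        int fd = bind_abstract(name);
        _exit(fd >= 0 ? 0 : (-fd) & 0x7f);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 255) return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    int fd = bind_abstract("ckpt-demo");              /* constructed sample name */
    printf("first=%s second=%d other-netns=%d\n", fd >= 0 ? "ok" : "fail",
           bind_abstract("ckpt-demo"), rebind_in_new_netns("ckpt-demo"));
    return fd < 0;
}
```

A result of -1 from `rebind_in_new_netns` means the environment refused to create a namespace, so the cross-namespace case was not exercised.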