On Fri, Oct 2, 2009 at 05:31, Neil Brown <neilb@xxxxxxx> wrote:
> On Thursday October 1, dan.j.williams@xxxxxxxxx wrote:
>> Neil Brown wrote:
>> >> Two strategies for this situation are to stop mdmon after mounting the
>> >> rootfs, or just let it be terminated as a result of starting a new
>> >> instance from the final rootfs. The latter approach brings up the
>> >> question of how to communicate with the initramfs-mdmon-instance to make
>> >> sure we do not end up with two mdmon instances servicing the same
>> >> container. The proposed solution here is to switch to
>> >> abstract-namespace-sockets removing the need to drop a socket file.
>> >
>> > What exactly do you mean by "abstract-namespace-sockets"??
>>
>> Harald pointed me to this. It's the hack that udev uses for its control
>> socket [1]. You create a unix domain socket as usual but make the first
>> character of the file name a NULL byte.
>
> ooohhhh..... that is soooo ugly!
> And given that anyone can bind to any 'abstract' name, there is room
> for a local denial-of-service attack there too.
>
> I guess we could use it if we really had to, but I'd rather avoid it
> if possible.

Right, you can only do that if you are 100% sure that the service
always runs and binds the socket before any other user can log in, like
udev does.

Kay