Use path based unix socket for shims

This allows filesystem based ACLs for configuring access to the socket of a
shim.

Co-authored-by: Samuel Karp <skarp@amazon.com>
Signed-off-by: Samuel Karp <skarp@amazon.com>
Signed-off-by: Michael Crosby <michael@thepasture.io>
Signed-off-by: Michael Crosby <michael.crosby@apple.com>
Michael Crosby
2020-06-24 15:13:21 -04:00
committed by Samuel Karp
parent d852786705
commit bd908acabd
8 changed files with 155 additions and 37 deletions


@@ -58,15 +58,15 @@ func serveListener(path string) (net.Listener, error) {
l, err = net.FileListener(os.NewFile(3, "socket"))
path = "[inherited from parent]"
} else {
if len(path) > 106 {
return nil, errors.Errorf("%q: unix socket path too long (> 106)", path)
if len(path) > socketPathLimit {
return nil, errors.Errorf("%q: unix socket path too long (> %d)", path, socketPathLimit)
}
l, err = net.Listen("unix", "\x00"+path)
l, err = net.Listen("unix", path)
}
if err != nil {
return nil, err
}
logrus.WithField("socket", path).Debug("serving api on abstract socket")
logrus.WithField("socket", path).Debug("serving api on socket")
return l, nil
}
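Review bot: The new `net.Listen("unix", path)` call in the else branch creates a socket file whose mode follows the process umask, and nothing in this hunk sets the mode or checks the parent directory. The filesystem ACLs the commit message relies on are therefore only as tight as whatever the caller prepared. If one of the other changed files does not already handle this, restrict the file after a successful listen on this branch, e.g. `if err := os.Chmod(path, 0600); err != nil { l.Close(); return nil, err }`, and keep the parent directory non-world-accessible so there is no window between bind and chmod. Also consider rejecting a path that begins with `@` or a NUL byte, since Go on Linux still binds those as abstract sockets, and handling a stale socket file from a crashed shim, which would make the bind fail with address-in-use. serveListener begins above the hunk, so the declarations of `l` and `err` and the inherited-fd condition are not visible here.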