This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Linux: Implement opensock using Netlink sockets

From: Florian Weimer <fw at deneb dot enyo dot de>
To: Ben Hutchings <ben dot hutchings at codethink dot co dot uk>
Cc: libc-alpha at sourceware dot org
Date: Mon, 18 Jun 2018 19:10:50 +0200
Subject: Re: [PATCH] Linux: Implement opensock using Netlink sockets
References: <20180618105015.5E8B340292859@oldenburg.str.redhat.com> <1529340418.2289.267.camel@codethink.co.uk>

* Ben Hutchings:

> On Mon, 2018-06-18 at 12:50 +0200, Florian Weimer wrote:
>> inet/tst-inet6_scopeid_pton uses __opensock indirectly, to call ioctl
>> with SIOCGIFINDEX, and it still works after this change.
>> 
>> 2018-06-18  Florian Weimer  <fweimer@redhat.com>
>> 
>> 	* sysdeps/unix/sysv/linux/opensock.c (__opensock): Unconditionally
>> 	return a Netlink socket.
>> 	* sysdeps/unix/sysv/linux/s390/opensock.c: Remove file.
> [...]
>
> I agree that we can assume the kernel implements AF_NETLINK, but the
> available socket address families might be restricted by a security
> policy (e.g. systemd's RestrictAddressFamilies property).  I'm not sure
> whether it's safe to assume that they will always allow AF_NETLINK.

If it actually worked, the AF_NETLINK approach seems cleaner in this
regard.  The current code goes hunting for information in /proc (to
avoid loading unwanted kernel modules), which requires a much larger
footprint and is harder to filter.

References:
- [PATCH] Linux: Implement opensock using Netlink sockets
  - From: Florian Weimer
- Re: [PATCH] Linux: Implement opensock using Netlink sockets
  - From: Ben Hutchings

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]