MEIDUM: unix sock: use my_socketat to create bind socket

As UNIX Domain sockets could be attached to Linux namespaces (see more details
about it from the Linux kernel patch set below:

	https://lore.kernel.org/netdev/m1hbl7hxo3.fsf@fess.ebiederm.org),

it is better to use my_socket_at() in order to create UNIX listener's socket.
my_socket_at() takes in account a network namespace, that may be configured
for a frontend in the bind line:

	frontend fe_foo
		...
		bind uxst@frontend.sock user haproxy group haproxy mode 660 namespace frontend

Like this, namespace aware applications as netstat for example, will see this
listening socket in its 'frontend' namespace and not in the root namespace as
it was before.

It is important to mention, that fixes in Linux kernel referenced above allow
to connect to this listener's socket from the root and from any other
namespace. UNIX Domain socket is protected by its permission set, which must
be set with caution on its inode.

diff --git a/src/sock_unix.c b/src/sock_unix.c
index ef749a53a67057ad4676adf26a41c908cb38ca25..0f9bc9a38d4a4aa4c7ce9981c36e705e7b81c60b 100644 (file)
--- a/src/sock_unix.c
+++ b/src/sock_unix.c
@@ -255,8 +255,8 @@ int sock_unix_bind_receiver(struct receiver *rx, char **errmsg)
        }
        addr.sun_family = AF_UNIX;
 
-       /* WT: shouldn't we use my_socketat(rx->netns) here instead ? */
-       fd = socket(rx->proto->fam->sock_domain, rx->proto->sock_type, rx->proto->sock_prot);
+       fd = my_socketat(rx->settings->netns, rx->proto->fam->sock_domain,
+               rx->proto->sock_type, rx->proto->sock_prot);
        if (fd < 0) {
                err |= ERR_FATAL | ERR_ALERT;
                memprintf(errmsg, "cannot create receiving socket (%s)", strerror(errno));