From: Simon McVittie Date: Sun, 2 Oct 2022 10:43:11 +0000 (+0100) Subject: spec: Mention the consequences of abstract sockets when using namespaces X-Git-Tag: dbus-1.15.2~11^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1951de9b8fc90db7d3fb72764e13bc05304c1ec;p=thirdparty%2Fdbus.git spec: Mention the consequences of abstract sockets when using namespaces Signed-off-by: Simon McVittie --- diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index 62c8e89df..88cb0557b 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -3733,6 +3733,8 @@ on platforms that support it: treating "tmpdir" as being equivalent to "dir" is a valid implementation, and recent versions of the reference implementation of D-Bus do this. + See "abstract", below, for more details of the consequences + of using abstract sockets. Like "dir", this key can only be used in server addresses, not in client addresses; the resulting client address will have the "abstract" or "path" key instead. @@ -3746,6 +3748,21 @@ resembling a path but unconnected to the filesystem namespace. This key is only supported on platforms with abstract Unix sockets, of which Linux is the only known example. + Implementors should note that on Linux, abstract sockets are + namespaced according to + network namespaces + rather than being part of the filesystem. + This means that abstract sockets are unaffected by mechanisms + like + chroot(2) + and + mount namespaces, + which can lead to a sandbox escape if a sandboxing + implementation alters the sandboxed process's view of the + filesystem but shares the network namespace with the host.