From d1951de9b8fc90db7d3fb72764e13bc05304c1ec Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Sun, 2 Oct 2022 11:43:11 +0100 Subject: [PATCH] spec: Mention the consequences of abstract sockets when using namespaces Signed-off-by: Simon McVittie --- doc/dbus-specification.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index 62c8e89df..88cb0557b 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -3733,6 +3733,8 @@ on platforms that support it: treating "tmpdir" as being equivalent to "dir" is a valid implementation, and recent versions of the reference implementation of D-Bus do this. + See "abstract", below, for more details of the consequences + of using abstract sockets. Like "dir", this key can only be used in server addresses, not in client addresses; the resulting client address will have the "abstract" or "path" key instead. @@ -3746,6 +3748,21 @@ resembling a path but unconnected to the filesystem namespace. This key is only supported on platforms with abstract Unix sockets, of which Linux is the only known example. + Implementors should note that on Linux, abstract sockets are + namespaced according to + network namespaces + rather than being part of the filesystem. + This means that abstract sockets are unaffected by mechanisms + like + chroot(2) + and + mount namespaces, + which can lead to a sandbox escape if a sandboxing + implementation alters the sandboxed process's view of the + filesystem but shares the network namespace with the host. -- 2.47.3