Abstract namespace for domain sockets not supported
CategoryFixed. Fixed in: 499 for PlashRelease1.18
- Found in: 1.17
When use of an "abstract namespace" is specified in a call to bind() or connect(), PlashGlibc interprets the socket name as an empty pathname, rather than a name in the abstract namespace (see DomainSocketAbstractNamespace for background).
This means, for example, that dbus-launch fails under Plash. (By default, dbus is configured to use the abstract namespace.)
Fix
The current sandboxing technique (ChrootSetuidJail) does not allow us to restrict access to the abstract domain socket namespace (although we can restrict access to the pathname-based domain socket namespace), just as we cannot restrict binding to and connecting to TCP sockets.
PlashGlibc should be changed so that connect()/bind() drop through to the corresponding system calls when the abstract namespace is used, just as they do when other socket types (such as TCP) are used.