Erik Nordmark wrote:
> Glenn Faden wrote:
>
>> I have tried this already and it doesn't work. I'm pretty sure that
>> AF_UNIX doesn't work across zones if the rendezvous file is loopback
>> mounted. With respect to named pipes, I was able to get them to work
>> for some cross-zone services, but not for X11. When using named pipes
>> as the transport, the X server assumes it can share memory with its
>> client, which doesn't work.
>
> Yes, by design it doesn't work. But one can extend it to work (when
> the AF_UNIX pathname or named pipe is loopback mounted into the
> non-global zone).

This seems reasonable, but for Trusted Extensions the socket must also
support multilevel port semantics. Currently we can only specify this
for tcp and udp.

>> On the other hand, vni(7) works fine and has several other advantages
>> for Trusted Extensions users. For example, the single interface,
>> vni0, can be specified:
>>
>> ifconfig vni0 all-zones
>
> Which IP address do you assign to vni?
> It had better be a different address (and subnet perhaps) than any
> other IP address in use on the network that you might want to talk to.

Yes, the IP address is arbitrary except that this must be on a different
subnet. Do you have a recommendation?

>> which allows all zones to share the same hostname and IP address.
>> This makes a bunch of fussy X11 applications work properly in zones
>> because they think that they are local, not remote. It also allows
>> other services that are TCP only to work across zones, like
>> remote printing.
>
> But using vni has some security issues.
> For instance, an attacker on one network (attached to one zone) can
> use an IP source route option to jump via the vni interface over to
> another zone.
> This is why I think it is important to explore non-IP ways for
> applications in zones to be able to communicate.

At least in the case of Trusted Extensions, I would expect that the
network labeling policy would prevent such an attack.

>> Named pipes don't work across zones in standard Solaris because the
>> FIFO logic in the kernel doesn't match endpoints through lofs mounts.
>> This may apply to AF_UNIX, too. In Trusted Extensions, named pipes
>> work as unidirectional conduits which are constrained to only allow
>> writing from lower-level zones to higher-level zones.
>
> Yes, I played around with this starting with your namefs fix for TX.
> I don't think I got AF_UNIX to work quite (got distracted by other
> work) and I didn't have X11 work over the named pipe; perhaps this is
> the shared memory assumption in the X server.

I don't think shared memory is used with AF_UNIX, just named pipes. But
I'm not clear how the X server determines whether :0 implies AF_UNIX or
named pipes. I think the latter is the default on Solaris now.

--Glenn
