Alan Coopersmith wrote:
> Alan Coopersmith wrote:
>> I am sponsoring this fasttrack for Ric Aleshire & Lokanath Das of the
>> Trusted Extensions team, and have set the timeout for one week from today,
>> Thursday, August 14.
>
> As this case has not yet reached a consensus and we are waiting for a
> decision on the handling of cross-zone Unix domain sockets, I have set
> the status to "waiting need spec" and will restart the timer once we
> have that decision.
The various parties have come to consensus off-line and a new spec is put
forth, so I am restarting the timer, and will let it run until the end of
the day Friday, August 22, unless someone would like to request more time.
The revised spec is provided in the case directory in the file named "spec".
A version with changebars follows - the change to previous is that Unix
domain sockets will be able to communicate across all types of zones whenever
their endpoints are made available in both zones, except as restricted by TX
labeled data policies.
This project continues to only make the Unix domain sockets for X11
communications automatically available in TX labeled zones. For all
other types of zones, either the system admin or later projects from
the teams responsible for those zone types will have to make the sockets
available if cross-zone X11 communication is desired across them.
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
-------------------------------------------------------------------------------
This fast-track makes changes related to Trusted Extensions in the
handling and use of Unix Domain sockets for X11 clients. A micro/patch
release binding is requested.
Problem
The X11 server supports several transports: UNIX domain sockets, pipes,
or TCP networking. In Trusted Extensions, X11 clients run in labeled
zone and cannot use UNIX domain sockets to reach the X11 server in the
global zone. Therefore they must rely on TCP connections which implies
that each zone must have a network interface. A common TX configuration
is to use "all-zones" interfaces, so that labeled zones and the global
zone can share the same IP address. Labeled zone clients set their
DISPLAY environment to the hostname of the global zone to connect to
the X11 server. For example:
DISPLAY=foobar:0
To avoid the requirement of configuring a network interface in each
zone, the loopback interface is now configured automatically as an
all-zones interface. Starting with Nevada build 82 and S10u6_03, it can
be used by labeled zone clients for TCP X11 connections. This allowed
settings like:
DISPLAY=localhost:0
or
DISPLAY=:0
to both work, as well. In the latter case, it worked because Xlib fell
back to try localhost after UNIX domain failed.
However, starting in Nevada build 85, the X library has been changed to
use UNIX domain sockets if the DISPLAY variable matches the local
hostname (as it does with labeled zones). When a connection fails,
it retries up to 4 more times, sleeping between each try, before falling
back to another connection type (such as TCP).
As a result, TX clients either fail to connect or take 15 seconds to
make the connection. The only workaround we have now is to explicitly
set the DISPLAY to localhost:0.
Solution
| a) Fix bug preventing cross-zone usage of UNIX domain sockets
|
| The original zones case specified that there should be no restrictions
| on UNIX domain socket communication between zones if the endpoints
| were made available in both zones. [1] This was broken in the
| implementation after the initial integration and will be fixed for all
| types of zones by this project.
|
| However, a restriction will be added for TX that prevents labeled
| non-global zones from communicating with each other via UNIX domain
| sockets, as is already done for doors.
|
| [1] Chapter 13 of PSARC 2002/174 Design Spec:
|
http://opensolaris.org/os/community/arc/caselog/2002/174/zones-design.spec.opensolaris.pdf
b) The X11 server will use a new rendezvous directory when TX is enabled.
Normally, the UNIX domain rendezvous files are in the directory /tmp/.X11-unix.
To allow the rendezvous files to be exported to labeled zones, the directory
pathname will be changed to:
/var/tsol/door/.X11-unix.
This directory pathname is chosen because /var/tsol/doors is already
loopback mounted into every labeled zone, to export the door rendezvous
files for nscd and the label daemon. To make this change transparent to
clients, a symbolic link to /tmp/.X11-unix will be created in each zone,
including the global zone.
This solution will permit labeled zone X11 clients to use any of the
various DISPLAY environment variables they have been using previously,
and not require the use of TCP.
