Open ananthb opened 1 year ago
Can you please add your name to CONTRIBUTORS.txt? Thanks!
I'm not familiar with VSOCK sockets, gonna need to wait for @bertjwregeer to review this.
Also note the failing ci/cd jobs that need to be fixed.
> Can you please add your name to CONTRIBUTORS.txt? Thanks!
Sure thing.
> I'm not familiar with VSOCK sockets,...
From waitress' point of view, they should be identical to UNIX sockets. The vsock address family is available to Linux VMs and the host machine when using the KVM virtualisation module. It allows the host machine and any VMs running on it to communicate without using the network. So it's only available locally on Linux.
> Also note the failing ci/cd jobs that need to be fixed.
Fixed.
Fixed the new failure by limiting this feature to only CPython on Linux as it is unavailable elsewhere.
Adding a bit of context here... there's an upcoming paradigm called secure enclaves, where cloud providers set up specially isolated and secured VMs with no writable disks, no network access, and signed code execution.
These special VMs are suitable for processing very sensitive data like medical records, credit cards or anything else that is too sensitive to want to process on a normal machine.
When running, these VMs have no TCP sockets in them. The only way to communicate with them from the host machine is over a VSOCK socket. Works pretty much the same as any other socket, but is a different address family (integer, not IP address) and port scheme.
We want to run a Python server inside this secure VM, and asking waitress to listen on a VSOCK is by far the cleanest solution we've seen so far. We're dogfooding this PR internally.
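The addressing described in the comment above, as an added example that is not part of this PR or of waitress: a VSOCK stream listener built with Python's standard `socket` module, where the address is an integer `(CID, port)` pair. The `CID:PORT` string format, the port number and the helper names are assumptions made for this example.

```python
import socket

U32_MAX = 0xFFFFFFFF
# Well-known CIDs from linux/vm_sockets.h, defined here so the module
# also imports where the socket module lacks AF_VSOCK.
VMADDR_CID_ANY = U32_MAX   # bind(): listen on whatever CID this machine has
VMADDR_CID_HOST = 2        # the host, as seen from a guest


def vsock_supported():
    """True only where the interpreter was built with AF_VSOCK (Linux)."""
    return hasattr(socket, "AF_VSOCK")


def parse_vsock_address(text):
    """Parse a 'CID:PORT' string (format assumed for this example) into ints."""
    cid_s, sep, port_s = text.partition(":")
    if not sep or not cid_s.isdecimal() or not port_s.isdecimal():
        raise ValueError(f"expected CID:PORT as decimal integers, got {text!r}")
    cid, port = int(cid_s), int(port_s)
    if cid > U32_MAX or port > U32_MAX:
        raise ValueError("CID and port are unsigned 32-bit values")
    return cid, port


def peer_allowed(peer_addr, allowed_cids):
    """vsock carries no credentials; the peer CID is the identity to check."""
    cid, _port = peer_addr
    return cid in allowed_cids


def make_listener(cid, port, backlog=16):
    """Create a listening VSOCK stream socket bound to (cid, port)."""
    if not vsock_supported():
        raise OSError("AF_VSOCK is not available on this platform")
    sock = socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    try:
        sock.bind((cid, port))
        sock.listen(backlog)
    except OSError:
        sock.close()
        raise
    return sock


if __name__ == "__main__":
    listener = make_listener(VMADDR_CID_ANY, 8000)  # port is a constructed value
    conn, peer = listener.accept()                  # peer is a (CID, port) tuple
    if not peer_allowed(peer, {VMADDR_CID_HOST}):
        conn.close()                                # drop peers from other CIDs
```

Since there is no IP layer to firewall, checking the peer CID on accept is the place to restrict which VM or host may talk to the server.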
I've merged main into this branch because I wanted to run CI/CD on this. However, there are multiple failing tests. If you could fix it so that the tests successfully run on GitHub CI/CD then I would be happy to move forward with this.
@digitalresistor I can fix those tests if you're still interested.
Add support for VSOCK stream sockets.
Fixes: #408