search

mpartel / bindfs

Mount a directory elsewhere with changed permissions.
https://bindfs.org/
GNU General Public License v2.0
448 stars 64 forks source link

Add test for Unix socket ancillary data #136

Closed slonopotamus closed 1 year ago

slonopotamus commented 1 year ago

This PR adds test that checks whether socket ancillary data can be properly transmitted through binds-mounted UNIX domain socket.

And in fact it does work on macOS + macFUSE. What makes me sad because I was trying to figure out why apps running inside chroot on top of bindfs-mounted directory that contains a hardlink to mDNSResponder UNIX socket file (sic!) cannot resolve hostnames. The very similar issue is described on stackoverflow, however it isn't clear what is their solution.

Anyway, this test shows that bindfs + macFUSE seem to support this setup properly and I thought it is valuable enough to be added to bindfs testsuite.

mpartel commented 1 year ago

Thanks, but this doesn't seem to work on Linux. Both sides need to open mnt/sock for the connection to succeed, but even then ctl is nil for some reason. It's nil even if both sides open src/sock :raised_eyebrow:

slonopotamus commented 1 year ago

This is very weird. Will try to reread docs/code samples to understand whether my usage of sendmsg/recvmsg is wrong...

slonopotamus commented 1 year ago

I've updated test a bit. It passes on Linux if both server and client use src/sock. It passes on Linux if both server and client use mnt/sock. But it fails with "connect refused" if server uses src/sock while client uses mnt/sock. Even though it does pass on macOS. I'm not sure how why it behaves this way yet.

slonopotamus commented 1 year ago

My Google journey ended up at https://github.com/libfuse/libfuse/issues/199#issuecomment-411042685

The problem is: if we use mount --bind, then socket on both sides (src/mnt) has same device number in stat -c "{%d,%i}". However, if we use bindfs, then socket has different device numbers.

Does it look like something that can be fixed on bindfs side?

slonopotamus commented 1 year ago

Okay, I managed to solve my issue by creating a simple proxy that forwards messages between two Unix sockets (one lives on the host while other lives inside bindfs mount).

mpartel commented 1 year ago

Thanks for looking into this. I don't have time to look much myself, but I vaguely remember that --direct-io might affect this (but break some other things like mmap in turn).