author | Chuck Lever <chuck.lever@oracle.com> | 2011-05-09 15:22:55 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2011-05-27 17:42:47 -0400 |
commit | 7402ab19cdd5943c7dd4f3399afe3abda8077ef5 (patch) | |
tree | 70c2a418124011a1c8337ec6b221c945846b3f4a /security/selinux | |
parent | da09eb93033e7204cb3e3f3140b46cf108c42c8f (diff) |
SUNRPC: Use AF_LOCAL for rpcbind upcalls

As libtirpc does in user space, have our registration API try using an
AF_LOCAL transport first when registering and unregistering.

This means we don't chew up privileged ports, and our registration is
bound to an "owner" (the effective uid of the process on the sending
end of the transport). Only that "owner" may unregister the service.

The kernel could probe rpcbind via an rpcbind query to determine
whether rpcbind has an AF_LOCAL service. For simplicity, we use the
same technique that libtirpc uses: simply fail over to network
loopback if creating an AF_LOCAL transport to the well-known rpcbind
service socket fails.

This means we open-code the pathname of the rpcbind socket in the
kernel. For now we have to do that anyway because the kernel's
RPC over AF_LOCAL implementation does not support autobind. That may
be undesirable in the long term.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'security/selinux')
0 files changed, 0 insertions, 0 deletions