Unix Domain Sockets
📚 unix(7)
Unix Domain Sockets are an IPC mechanism on Unix that works through the BSD socket API.
In the context of LandlockLsm, Unix Domain Sockets are notable because they can be used to pass file descriptors between processes.
The sockaddr struct for Unix Domain sockets is (from unix(7)):
struct sockaddr_un {
sa_family_t sun_family; /* AF_UNIX */
char sun_path[108]; /* Pathname */
};
sun_pathis a null-terminated file system path to bind(2) or connect(2) to.- Additionally, on Linux, when the first byte of
sun_pathis set to 0,&sun_path[1]is the name of an Abstract Unix Domain Socket (they live in a global namespace separate from the file system).
Unix Domain Sockets can be created in two ways:
- Through socket(2) with
AF_UNIX - Through socketpair(2) with
AF_UNIX