Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net: UnixListener unlinks socket files inherited via socket activation #11826

Closed
mischief opened this issue Jul 22, 2015 · 3 comments

Comments

Projects
None yet
4 participants
@mischief
Copy link
Contributor

commented Jul 22, 2015

docker can use systemd for socket activation. docker creates a net.UnixListener using net.FileListener on the inherited fd. naturally, upon shutdown, docker calls Close on the net.Listener.

in unixsock_posix.go, Close calls syscall.Unlink on the file name that was found via getsockname. this code has been there since at least 2011.

the result of this is that upon the socket-activated service (docker) restarting, the service will reconnect to the inherited file descriptor, but clients of that socket will no longer be able to reach it because the socket file in the filesystem is gone, and never recreated.

this seems to have been worked around in docker in moby/moby@053c355, but this affects any socket-activated go program that 'properly' Closes it's UnixListeners.

if the UnixListener was not responsible for creating the socket file, it should not unlink the socket file on Close.

@tv42

This comment has been minimized.

Copy link

commented Jul 22, 2015

This can be triggered without docker, systemd, etc by e.g. passing an FD of a listening unix domain socket to multiple children, each child using net.FileListener and running its own Listen+Accept loop. When the first child exits, it'll also remove the socket file, preventing new client connections.

mischief added a commit to mischief/coreos-overlay that referenced this issue Jul 22, 2015

app-emulation/docker: sync systemd socket unit with upstream
without PartOf=docker.service, the docker socket gets permanently
unlinked when docker is restarted, resulting in a running docker daemon
but inability to contact it.

see docker commit 053c3557b3198466ecfbe066fefdbab2a78771d5 and
 golang/go#11826 for more details.

mischief added a commit to mischief/coreos-overlay that referenced this issue Jul 22, 2015

app-emulation/docker: sync systemd socket unit with upstream
without PartOf=docker.service, the docker socket gets permanently
unlinked when docker is restarted, resulting in a running docker daemon
but inability to contact it.

see docker commit 053c3557b3198466ecfbe066fefdbab2a78771d5 and
 golang/go#11826 for more details.

mischief added a commit to mischief/coreos-overlay that referenced this issue Jul 22, 2015

app-emulation/docker: sync systemd socket unit with upstream
without PartOf=docker.service, the docker socket gets permanently
unlinked when docker is restarted, resulting in a running docker daemon
but inability to contact it.

see docker commit 053c3557b3198466ecfbe066fefdbab2a78771d5 and
 golang/go#11826 for more details.

mischief added a commit to mischief/coreos-overlay that referenced this issue Jul 22, 2015

app-emulation/docker: sync systemd socket unit with upstream
without PartOf=docker.service, the docker socket gets permanently
unlinked when docker is restarted, resulting in a running docker daemon
but inability to contact it.

see docker commit 053c3557b3198466ecfbe066fefdbab2a78771d5 and
 golang/go#11826 for more details.

@ianlancetaylor ianlancetaylor added this to the Go1.6 milestone Jul 22, 2015

@ianlancetaylor ianlancetaylor changed the title net.UnixListener unlinks socket files inherited via socket activation net: UnixListener unlinks socket files inherited via socket activation Jul 22, 2015

@gopherbot

This comment has been minimized.

Copy link

commented Dec 5, 2015

CL https://golang.org/cl/17458 mentions this issue.

@rsc rsc closed this in a4fd325 Dec 11, 2015

@gopherbot

This comment has been minimized.

Copy link

commented Dec 11, 2015

CL https://golang.org/cl/17725 mentions this issue.

rsc added a commit that referenced this issue Dec 14, 2015

net: add test for CL 17458
I thought that we avoided creating on-disk Unix sockets,
but I was mistaken. Use one to test CL 17458.

Fixes #11826.

Change-Id: Iaa1fb007b95fa6be48200586522a6d4789ecd346
Reviewed-on: https://go-review.googlesource.com/17725
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

@golang golang locked and limited conversation to collaborators Dec 14, 2016

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.