New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

File descriptor passing: is this of any interest/being worked on? #11417

Closed
EdSchouten opened this Issue Jun 6, 2017 · 5 comments

Comments

Projects
None yet
7 participants
@EdSchouten
Copy link

EdSchouten commented Jun 6, 2017

The last couple of years there has been a lot of interest in the area of capability systems for UNIX-like operating systems. Examples include FreeBSD's Capsicum, and CloudABI, a project I'm heavily involved in.

One of the important requirements for capability systems is that capabilities (in the case of Capsicum/etc: file descriptors) can be sent across processes. For example, it is possible to design a secure mailserver that can only access mailboxes stored on disk by sending an RPC to a privileged helper process to request a file descriptor for a specific user's mailbox file/directory. On most UNIX-like systems, file descriptors can be transmitted to different processes across UNIX sockets, using sendmsg() in combination with SCM_RIGHTS.

It looks like Protobuf/GRPC doesn't support this right now. First of all, Protobuf would need to be extended to have file descriptors as first-class data types. Second, GRPC should probably gain support for transmitting/receiving file descriptors across sockets. It should also gain features to properly manage the lifetime of file descriptors that are being transmitted/received.

The reason I'm getting in touch is because I'm interested in knowing whether the GRPC community is interested in having support for such a feature integrated. I'm interested in working on this, but it would be a shame if that work would all be for nothing if the project considers it out of scope.

@akhi3030

This comment has been minimized.

Copy link

akhi3030 commented Oct 31, 2017

Hi, I too am interested in this feature. Are there any plans on adding this in the near term?

@markdroth

This comment has been minimized.

Copy link
Member

markdroth commented May 16, 2018

We have no plans to support anything like this directly in gRPC. However, note in C++, you can obtain a file descriptor yourself and use CreateInsecureChannelFromFd() (defined in https://github.com/grpc/grpc/blob/master/include/grpcpp/create_channel_posix.h) to create a gRPC channel from the fd. You may be able to use that as a work-around.

@markdroth markdroth closed this May 16, 2018

@EdSchouten

This comment has been minimized.

Copy link
Author

EdSchouten commented May 16, 2018

Hi @markdroth. Thanks for answering this question. That said, the workaround that you suggested doesn't apply. This issue was about being able to pass file descriptors natively as part of RPCs.

@markdroth

This comment has been minimized.

Copy link
Member

markdroth commented May 16, 2018

You mean pass the fd in the payload of an RPC? Yeah, we definitely don't have any plan to support anything like that.

@nicolasnoble

This comment has been minimized.

Copy link
Contributor

nicolasnoble commented May 16, 2018

For reference, this is what is described by the IPC mechanism in libuv when using write2, and passing handles through IPC-enabled pipes: http://docs.libuv.org/en/v1.x/stream.html

It's really not a trivial thing to do.

@lock lock bot locked as resolved and limited conversation to collaborators Sep 29, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.