summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/fs/host
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry/fs/host')
-rw-r--r--pkg/sentry/fs/host/socket.go22
1 files changed, 17 insertions, 5 deletions
diff --git a/pkg/sentry/fs/host/socket.go b/pkg/sentry/fs/host/socket.go
index 4ace71c3e..e11772946 100644
--- a/pkg/sentry/fs/host/socket.go
+++ b/pkg/sentry/fs/host/socket.go
@@ -35,6 +35,8 @@ import (
// endpoint encapsulates the state needed to represent a host Unix socket.
//
+// TODO: Remove/merge with ConnectedEndpoint.
+//
// +stateify savable
type endpoint struct {
queue waiter.Queue `state:"zerovalue"`
@@ -288,13 +290,23 @@ func recvMsg(fd int, data [][]byte, numRights uintptr, peek bool, addr *tcpip.Fu
return rl, ml, control.New(nil, nil, newSCMRights(fds)), nil
}
-// NewConnectedEndpoint creates a new ConnectedEndpoint backed by
-// a host FD that will pretend to be bound at a given sentry path.
+// NewConnectedEndpoint creates a new ConnectedEndpoint backed by a host FD
+// that will pretend to be bound at a given sentry path.
//
-// The caller is responsible for calling Init(). Additionaly, Release needs
-// to be called twice because host.ConnectedEndpoint is both a
-// unix.Receiver and unix.ConnectedEndpoint.
+// The caller is responsible for calling Init(). Additionaly, Release needs to
+// be called twice because host.ConnectedEndpoint is both a unix.Receiver and
+// unix.ConnectedEndpoint.
func NewConnectedEndpoint(file *fd.FD, queue *waiter.Queue, path string) (*ConnectedEndpoint, *tcpip.Error) {
+ family, err := syscall.GetsockoptInt(file.FD(), syscall.SOL_SOCKET, syscall.SO_DOMAIN)
+ if err != nil {
+ return nil, translateError(err)
+ }
+
+ if family != syscall.AF_UNIX {
+ // We only allow Unix sockets.
+ return nil, tcpip.ErrInvalidEndpointState
+ }
+
e := &ConnectedEndpoint{path: path, queue: queue, file: file}
// AtomicRefCounters start off with a single reference. We need two.