Re: [exim] notifier_socket and Linux namespace issues

Author: Jeremy Harris
Date:
To: exim-users
Subject: Re: [exim] notifier_socket and Linux namespace issues
On 09/01/2022 17:46, Richard Kettlewell via Exim-users wrote:
> Can anyone explain why Exim uses an abstract socket address on Linux for notifier_socket?


Because we don't have to take care to delete it.

> It has some rather strange effects, because abstract sockets belong to the network namespace, not the filesystem namespace.
>
> The effect is that on most platforms, if you have multiple Exim instances in different filesystem namespaces (e.g. chroot or containers) then their notifier sockets are distinct; there is no crosstalk between the instances.
>
> However on Linux, if you have multiple Exim instances in different filesystem namespaces, their notifier sockets collide, leading to the 'daemon_notifier_socket bind: Address already in use' error from all but one of the Exim instances. There could also be crosstalk between the instances, though I'm not sure what the socket is used for so I don't know how much of a risk this is.


I'd have thought you'd want to be using different network namespaces too, to handle
collisions between port-usage. But I don't know if that's feasible.

Yes, crosstalk between multiple sets of Exim installations would be bad.
Moral: don't use half-assed methods of virtualisation.
--
Cheers,
Jeremy
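
The collision discussed in this thread can be reproduced on Linux with the sketch below. It is an added example, not code from Exim or from either poster. It assumes a constructed socket name and uses two working directories as a stand-in for separate chroots (which would need root).

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind a datagram AF_UNIX socket; abstract=1 puts a leading NUL in sun_path
   (Linux abstract namespace). Returns the fd, or -errno on failure. */
static int bind_unix(const char *name, int abstract)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    size_t n = strlen(name);
    if (n + 1 >= sizeof sa.sun_path) return -ENAMETOOLONG;
    memcpy(sa.sun_path + (abstract ? 1 : 0), name, n);
    /* Leading NUL (abstract) or trailing NUL (pathname): n + 1 bytes either way. */
    socklen_t len = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n + 1);
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0) return -errno;
    if (bind(fd, (struct sockaddr *)&sa, len) < 0) { int e = errno; close(fd); return -e; }
    return fd;
}

/* Two "instances" bind the same name from different working directories
   (a stand-in for separate chroots). Returns 0 if both binds succeed,
   otherwise the errno value of the bind that failed. */
static int second_instance_result(int abstract)
{
    char d1[] = "/tmp/inst1-XXXXXX", d2[] = "/tmp/inst2-XXXXXX", name[64];
    snprintf(name, sizeof name, "demo_notifier.%ld", (long)getpid()); /* constructed name */
    if (!mkdtemp(d1) || !mkdtemp(d2)) return errno;
    int a = chdir(d1) == 0 ? bind_unix(name, abstract) : -errno;
    int b = chdir(d2) == 0 ? bind_unix(name, abstract) : -errno;
    /* Pathname sockets leave a file that must be unlinked; abstract ones do not. */
    if (!abstract && b >= 0) unlink(name);
    if (!abstract && a >= 0 && chdir(d1) == 0) unlink(name);
    if (a >= 0) close(a);
    if (b >= 0) close(b);
    if (chdir("/") == 0) { rmdir(d1); rmdir(d2); }
    return a < 0 ? -a : (b < 0 ? -b : 0);
}

int main(void)
{
    printf("pathname, second bind: %s\n", strerror(second_instance_result(0)));
    printf("abstract, second bind: %s\n", strerror(second_instance_result(1)));
}
```

The pathname case succeeds because the name resolves against each instance's own filesystem view. The abstract case fails with "Address already in use" because both binds land in the same network namespace.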