Re: [exim] notifier_socket and Linux namespace issues

Author: Richard Kettlewell
Date:
To: Exim-users
Subject: Re: [exim] notifier_socket and Linux namespace issues
On 2022-01-09 22:03, Jeremy Harris wrote:
> On 09/01/2022 17:46, Richard Kettlewell via Exim-users wrote:
> > Can anyone explain why Exim uses an abstract socket address on Linux
> > for notifier_socket?
>
> Because we don't have to take care to delete it.


Presumably that's not true on non-Linux platforms, that don't have abstract
socket addresses.

> > It has some rather strange effects, because abstract sockets belong to
> > the network namespace, not the filesystem namespace.
> >
> > The effect is that on most platforms, if you have multiple Exim
> > instances in different filesystem namespaces (e.g. chroot or containers)
> > then their notifier sockets are distinct; there is no crosstalk between the
> > instances.
> >
> > However on Linux, if you have multiple Exim instances in different
> > filesystem namespaces, their notifier sockets collide, leading to the
> > 'daemon_notifier_socket bind: Address already in use' error from all but
> > one of the Exim instances. There could also be crosstalk between the
> > instances, though I'm not sure what the socket is used for so I don't know
> > how much of a risk this is.
>
> I'd have thought you'd want to be using different network namespaces too,
> to handle collisions between port-usage. But I don't know if that's feasible.


There are no colliding ports in my case. The Exims don't have listening
ports; they are just there to route mail out of the containers.

It might be possible to use unshared network namespaces but it'd add
complexity.

> Yes, crosstalk between multiple sets of Exim installations would be bad.
> Moral: don't use half-assed methods of virtualisation.


I don't think my use case is "half-assed", thanks.

ttfn/rjk
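
The collision discussed in this thread can be reproduced without root. The following is an added example, not part of the original message and not Exim's code; the socket name `demo_notifier_<pid>`, the `/tmp` directories and the use of `SOCK_DGRAM` are assumptions, and two working directories stand in for two chroots or containers that share one network namespace.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind a datagram AF_UNIX socket; abstract=1 uses the Linux abstract namespace
   (leading NUL byte), abstract=0 a filesystem path. Returns fd or -errno. */
static int bind_unix(const char *name, int abstract) {
    struct sockaddr_un sa;
    size_t n = strlen(name);
    if (n + 2 > sizeof sa.sun_path) return -ENAMETOOLONG;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    memcpy(sa.sun_path + (abstract ? 1 : 0), name, n);
    socklen_t len = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n + 1);
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0) return -errno;
    if (bind(fd, (struct sockaddr *)&sa, len) < 0) { int e = errno; close(fd); return -e; }
    return fd;
}

/* Two "instances" bind the same name from two different directories (separate
   filesystem views, one network namespace). Returns 0 or the failing errno. */
static int second_bind_errno(int abstract) {
    char name[64], a[] = "/tmp/nsdemoA.XXXXXX", b[] = "/tmp/nsdemoB.XXXXXX";
    snprintf(name, sizeof name, "demo_notifier_%ld", (long)getpid()); /* hypothetical name */
    if (!mkdtemp(a) || !mkdtemp(b) || chdir(a) != 0) return errno;
    int fd1 = bind_unix(name, abstract);       /* instance 1, view A */
    if (chdir(b) != 0) return errno;
    int fd2 = bind_unix(name, abstract);       /* instance 2, view B */
    int result = fd1 < 0 ? -fd1 : (fd2 < 0 ? -fd2 : 0);
    if (fd1 >= 0) close(fd1);
    if (fd2 >= 0) close(fd2);
    unlink(name);                              /* path sockets leave a file to delete */
    if (chdir(a) == 0) unlink(name);
    if (chdir("/") == 0) { rmdir(a); rmdir(b); }
    return result;
}

int main(void) {
    printf("abstract: %s\n", strerror(second_bind_errno(1)));
    printf("pathname: %s\n", strerror(second_bind_errno(0)));
    return 0;
}
```

On Linux the abstract case reports "Address already in use" on the second bind, while the pathname case succeeds for both because the same relative name resolves inside each directory.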