[jboss-as7-dev] JBAS-9373, need control of what interfaces/ports are bound to

Mon Apr 25 18:54:35 EDT 2011

IMO the domain model should not expose it as a config option, per my 
comment on the JIRA.  Using different implementations concurrently on 
the same host O/S is just as invalid as using different interfaces and 
should remain impossible.

And yes, I've already explained to Scott:  'We do ship alternative 
implementaitons of the process-id interface... None are as heavily 
tested as the socket based one and none are as likely to work in all 
environments: O/S, filesystem, JVM, etc. Therefore I consider it 
debatable if any will actually be an overall improvement on the socket 
based one'.

Just write a policy file that allows binding to the appropriate 
interface. You don't need control over the interface used, just an 
awareness of which one it is.

Jonathan.

On 04/25/2011 10:18 PM, Brian Stansberry wrote:
> He's probably referring to the different implementations of the
> com.arjuna.ats.arjuna.utils.Process interface that can be used, where
> SocketProcessId is just a default. The domain configuration model should
> expose a mechanism (probably an attribute with an enumerated value) to
> select something else. But last I looked into this (pretty long ago),
> none of the other options were a good default choice. Jonathan, is that
> still the case?
>
> On 4/21/11 4:54 PM, Scott Stark wrote:
>> Yes, that is the impression I got from Jonathan. He says it is
>> configurable, or at least the implementation can be changed, but I don't
>> see how looking at the code associated with the stack trace in JBAS-9373.
>>
>> On 4/21/11 10:40 AM, Brian Stansberry wrote:
>>> Nope I misread and was wrong; the address is not configurable, it's hard
>>> coded:
>>>
>>> return new ServerSocket(port, 0, InetAddress.getByName(null));
>>>
>>> Which makes sense, the whole intent of that class is to ensure
>>> uniqueness on the machine and that's impossible if different processes
>>> use different addresses. Finding a better way to do this is a
>>> long-standing issue.
>>>
>>> On 4/21/11 12:33 PM, Brian Stansberry wrote:
>>>> I have a feeling this is a 1 line fix; give me a minute. It's pulling
>>>> the port from the socket config, just not the address.
>>>>
>>>> On 4/21/11 12:18 PM, Scott Stark wrote:
>>>>> I created this bug, now changed to an enhancement request:
>>>>> https://issues.jboss.org/browse/JBAS-9373
>>>>>
>>>>> to deal with the tm layer binding to an anonymous port on the
>>>>> 127.0.0.1
>>>>> interface as a means to obtain a system wide unique number. How
>>>>> this is
>>>>> done is not exposed via the domain model, and when running in an
>>>>> selinux
>>>>> (secured linux) environment we need control over what interfaces/ports
>>>>> are bound to, where files are written, etc. to be able to write the
>>>>> correct selinux policy.
>>>>>
>>>>> Do we need, or already have a id service that can be leveraged
>>>>> here? It
>>>>> looks like the arjuna Uid class that is used generates a 28
>>>>> byte/224 bit
>>>>> value.
>>>>>
>>>>> The main issue is that any subsystem has to express what privileged
>>>>> resources it is making use of through the domain model.
>>>>>
>>>>> _______________________________________________
>>>>> jboss-as7-dev mailing list
>>>>> jboss-as7-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>>>>
>>>
>>
>> _______________________________________________
>> jboss-as7-dev mailing list
>> jboss-as7-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>
>

-- 
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod 
Street, Windsor, Berkshire, SI4 1TE, United Kingdom.
Registered in UK and Wales under Company Registration No. 3798903 
Directors: Michael Cunningham (USA), Charlie Peters (USA), Matt Parsons 
(USA) and Brendan Lane (Ireland).