[jboss-as7-dev] JBAS-9373, need control of what interfaces/ports are bound to

Scott Stark sstark at redhat.com
Thu Apr 21 17:54:34 EDT 2011


Yes, that is the impression I got from Jonathan. He says it is 
configurable, or at least the implementation can be changed, but I don't 
see how looking at the code associated with the stack trace in JBAS-9373.

On 4/21/11 10:40 AM, Brian Stansberry wrote:
> Nope I misread and was wrong; the address is not configurable, it's hard
> coded:
>
> return new ServerSocket(port, 0, InetAddress.getByName(null));
>
> Which makes sense, the whole intent of that class is to ensure
> uniqueness on the machine and that's impossible if different processes
> use different addresses.  Finding a better way to do this is a
> long-standing issue.
>
> On 4/21/11 12:33 PM, Brian Stansberry wrote:
>> I have a feeling this is a 1 line fix; give me a minute. It's pulling
>> the port from the socket config, just not the address.
>>
>> On 4/21/11 12:18 PM, Scott Stark wrote:
>>> I created this bug, now changed to an enhancement request:
>>> https://issues.jboss.org/browse/JBAS-9373
>>>
>>> to deal with the tm layer binding to an anonymous port on the 127.0.0.1
>>> interface as a means to obtain a system wide unique number. How this is
>>> done is not exposed via the domain model, and when running in an selinux
>>> (secured linux) environment we need control over what interfaces/ports
>>> are bound to, where files are written, etc. to be able to write the
>>> correct selinux policy.
>>>
>>> Do we need, or already have a id service that can be leveraged here? It
>>> looks like the arjuna Uid class that is used generates a 28 byte/224 bit
>>> value.
>>>
>>> The main issue is that any subsystem has to express what privileged
>>> resources it is making use of through the domain model.
>>>
>>> _______________________________________________
>>> jboss-as7-dev mailing list
>>> jboss-as7-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>>
>




More information about the jboss-as7-dev mailing list