[jboss-as7-dev] JBAS-9373, need control of what interfaces/ports are bound to
Brian Stansberry
brian.stansberry at redhat.com
Mon Apr 25 17:18:08 EDT 2011
He's probably referring to the different implementations of the
com.arjuna.ats.arjuna.utils.Process interface that can be used, where
SocketProcessId is just a default. The domain configuration model should
expose a mechanism (probably an attribute with an enumerated value) to
select something else. But last I looked into this (pretty long ago),
none of the other options were a good default choice. Jonathan, is that
still the case?
On 4/21/11 4:54 PM, Scott Stark wrote:
> Yes, that is the impression I got from Jonathan. He says it is
> configurable, or at least the implementation can be changed, but I don't
> see how looking at the code associated with the stack trace in JBAS-9373.
>
> On 4/21/11 10:40 AM, Brian Stansberry wrote:
>> Nope I misread and was wrong; the address is not configurable, it's hard
>> coded:
>>
>> return new ServerSocket(port, 0, InetAddress.getByName(null));
>>
>> Which makes sense, the whole intent of that class is to ensure
>> uniqueness on the machine and that's impossible if different processes
>> use different addresses. Finding a better way to do this is a
>> long-standing issue.
>>
>> On 4/21/11 12:33 PM, Brian Stansberry wrote:
>>> I have a feeling this is a 1 line fix; give me a minute. It's pulling
>>> the port from the socket config, just not the address.
>>>
>>> On 4/21/11 12:18 PM, Scott Stark wrote:
>>>> I created this bug, now changed to an enhancement request:
>>>> https://issues.jboss.org/browse/JBAS-9373
>>>>
>>>> to deal with the tm layer binding to an anonymous port on the 127.0.0.1
>>>> interface as a means to obtain a system wide unique number. How this is
>>>> done is not exposed via the domain model, and when running in an selinux
>>>> (secured linux) environment we need control over what interfaces/ports
>>>> are bound to, where files are written, etc. to be able to write the
>>>> correct selinux policy.
>>>>
>>>> Do we need, or already have a id service that can be leveraged here? It
>>>> looks like the arjuna Uid class that is used generates a 28 byte/224 bit
>>>> value.
>>>>
>>>> The main issue is that any subsystem has to express what privileged
>>>> resources it is making use of through the domain model.
>>>>
>>>> _______________________________________________
>>>> jboss-as7-dev mailing list
>>>> jboss-as7-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>>>
>>
>
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
--
Brian Stansberry
Principal Software Engineer
JBoss by Red Hat
More information about the jboss-as7-dev
mailing list