[cap-talk] Piping capability communication, data vs. descriptor capability strengths

Trey Boudreau trey at treysoft.com
Fri Feb 27 09:48:59 EST 2009


On Fri, Feb 27, 2009 at 10:41:27AM +0000, lists at notatla.org.uk wrote:
> 
> Jed Donnelley <capability at webstart.com> writes
> 
> > Even in Unix I've heard that open file descriptors can be sent 
> > through a pipe.  If that's so, what does the syntax (e.g. as above) look
> > like?  How are the descriptors sent and received specified (by the 
> > sender on sending and by the OS on receiving to the receiver)?
> 
> You can send descriptors as seen in
> "Advanced Programming in the Unix Environment" section 15.3,
> which uses ioctl() with I_SENDFD.
> http://opengroup.org/onlinepubs/007908799/xsh/ioctl.html
> 
> The sender already has the descriptor it's sending and refers to it
> by number (small integer) and ioctl() produces from that a value
> related to kernel tables that will be meaningful to an ioctl() with
> I_RECVFD in the receiving program.
> 
> I've never done that - normally when I set up one pipe between a pair
> of processes I can set up two.  You'd rarely pass a descriptor to a
> program you call directly and I don't think there's any shell pipeline
> syntax to do so.
>
"call directly" usually means fork/exec, in which case the child
inherits all of your existing file descriptors so you don't need to send
them.

Sending file descriptors via ioctl() works regardless of the
relationship between the two processes, IIRC.

-- Trey
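
Added example, not part of the thread: I_SENDFD/I_RECVFD are STREAMS ioctls, which Linux does not provide, so this C code swaps in a different mechanism with the same effect, the SCM_RIGHTS control message over a Unix-domain socket. The names send_fd, recv_fd and demo_pass_fd are made up for this example; the pipe is opened only after fork(), so the child can reach it solely through the descriptor it is sent.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
union ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; }; /* aligned, one fd */

/* Send open descriptor fd over Unix-domain socket sock; 0 on success. */
static int send_fd(int sock, int fd) {
    char byte = 'F'; struct iovec iov = { &byte, 1 };  /* rights ride on one data byte */
    union ctl ctl; struct msghdr msg = { 0 };
    memset(&ctl, 0, sizeof ctl);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = ctl.buf; msg.msg_controllen = sizeof ctl.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; the kernel picks the receiver's number. -1 on error. */
static int recv_fd(int sock) {
    char byte; int fd; struct iovec iov = { &byte, 1 };
    union ctl ctl; struct msghdr msg = { 0 };
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = ctl.buf; msg.msg_controllen = sizeof ctl.buf;
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;  /* plain data, no rights */
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* The pipe is created after fork(), so the child cannot have inherited it. */
int demo_pass_fd(void) {
    int sp[2], p[2], st = -1; char got[3] = { 0 }; pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {                  /* child: keeps only its end of the socket */
        close(sp[0]);
        int fd = recv_fd(sp[1]);
        _exit(fd >= 0 && write(fd, "ok", 2) == 2 ? 0 : 1);
    }
    int sent = pipe(p) == 0 && send_fd(sp[0], p[1]) == 0;
    close(sp[0]); close(sp[1]);      /* child sees EOF if nothing was sent */
    if (sent) close(p[1]);
    waitpid(pid, &st, 0);
    return sent && st == 0 && read(p[0], got, 2) == 2 && !strcmp(got, "ok") ? 0 : -1;
}
```

The received number is a new entry in the receiver's descriptor table that refers to the same open file, so the receiver gains exactly the access the sender's descriptor carried.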

