Linux 7.1 Looks To Support Extended Attributes On Sockets For New GNOME & systemd Functionality
([Linux Kernel] 4 Hours Ago, xattrs On Sockets)
- Reference: 0001616121
- News link: https://www.phoronix.com/news/Linux-7.1-Looks-xattrs-Sockets
While the [1]Linux 7.0 feature merge window ended this past weekend and that next kernel release won't debut as stable until April, there are already features on the horizon that are being positioned for likely merging into the Linux 7.1 kernel, assuming no issues appear and no objections are raised by Linus Torvalds. One of the features already looking like it will be submitted for Linux 7.1 is support for extended attributes on sockets.
Christian Brauner has been working on support for extended attributes on sockets. He explained last week in [2]rework simple xattrs and support user.* xattrs on sockets:
"With this infrastructure in place the series adds support for user.* xattrs on sockets. Path-based AF_UNIX sockets inherit xattr support from the underlying filesystem (e.g. tmpfs) but sockets in sockfs - that is everything created via socket() including abstract namespace AF_UNIX sockets - had no xattr support at all."
Support for user.* extended attributes on sockets is motivated by GNOME and systemd use cases.
Brauner added in that patch series cover letter:
"The practical motivation comes from several directions. systemd and GNOME are expanding their use of Varlink as an IPC mechanism. For D-Bus there are tools like dbus-monitor that can observe IPC traffic across the system but this only works because D-Bus has a central broker. For Varlink there is no broker and there is currently no way to identify which sockets speak Varlink. With user.* xattrs on sockets a service can label its socket with the IPC protocol it speaks (e.g., user.varlink=1) and an eBPF program can then selectively capture traffic on those sockets. Enumerating bound sockets via netlink combined with these xattr labels gives a way to discover all Varlink IPC entrypoints for debugging and introspection.
Similarly, systemd-journald wants to use xattrs on the /dev/log socket for protocol negotiation to indicate whether RFC 5424 structured syslog is supported or whether only the legacy RFC 3164 format should be used.
In containers these labels are particularly useful as high-privilege or more complicated solutions for socket identification aren't available."
These patches have been queued up into VFS.git's [4]vfs-7.1.xattr Git branch. With the patches now there, they are likely to be submitted for the Linux 7.1 merge window once it opens in April.
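The labelling and discovery idea from the cover letter can be sketched from user space as follows. This is an added example, not code from the patch series or from systemd; it assumes the label is set through the ordinary fsetxattr() path on the socket file descriptor, and the socket name and helper names are made up for illustration.

```python
import os
import socket

LABEL = "user.varlink"  # attribute name from the cover letter's example


def label_socket(sock, value=b"1"):
    """Try to tag a socket with LABEL; True only if the kernel stored it.

    Assumption: labels go through fsetxattr() on the socket fd. Kernels
    that do not accept user.* xattrs on sockets fail the call with OSError.
    """
    try:
        os.setxattr(sock.fileno(), LABEL, value)
        return True
    except OSError:
        return False


def read_label(sock):
    """Return the label bytes, or None when absent or unsupported."""
    try:
        return os.getxattr(sock.fileno(), LABEL)
    except OSError:
        return None


def labelled(socks):
    """Keep only sockets carrying LABEL: the filter a monitor would apply."""
    return [s for s in socks if read_label(s) is not None]


def demo():
    # Constructed sample: one abstract-namespace listener to label and one
    # unlabelled control socket. Both live in sockfs, with no filesystem path.
    svc = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    other = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        svc.bind(b"\0xattr-label-demo-%d" % os.getpid())
        svc.listen(1)
        stored = label_socket(svc)
        return stored, [s is svc for s in labelled([svc, other])]
    finally:
        svc.close()
        other.close()


if __name__ == "__main__":
    print(demo())
```

On a kernel that rejects the attribute, `demo()` returns `(False, [])`, so a service using this pattern has to treat the label as optional.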
[1] https://www.phoronix.com/review/linux-7-features-changes
[2] https://lore.kernel.org/all/20260216-work-xattr-socket-v1-0-c2efa4f74cb7@kernel.org/
[4] https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git/log/?h=vfs-7.1.xattr