
Re: [docker/for-mac] Support for sharing UNIX sockets (#483)
Post 303046290 by Neo on Thursday 30th of April 2020 12:15:30 AM

There now exists an official workaround for this as of Docker for Mac >= 2.2.0.0.

REF: File system sharing (osxfs) | Docker Documentation

The solution involves using a "magic path" specifically for SSH_AUTH_SOCK: /run/host-services/ssh-auth.sock

Mount this special path into the container via docker run args:

Code:
SSH_AUTH_SOCK_MAGIC_PATH='/run/host-services/ssh-auth.sock'
docker run -ti -v ${SSH_AUTH_SOCK_MAGIC_PATH}:${SSH_AUTH_SOCK_MAGIC_PATH} \
           -e SSH_AUTH_SOCK=${SSH_AUTH_SOCK_MAGIC_PATH} \
           some-container/needing-ssh-agent

Note that this does not resolve the main issue of mounting arbitrary Unix sockets into a container. At least it works for ssh-agent / SSH_AUTH_SOCK!

So, this fix does not help when setting up a reverse web proxy to a Unix socket in the container (as mentioned above).


See also: Support for sharing unix sockets · Issue #483 · docker/for-mac · GitHub
 
pam_ssh_agent_auth(8)                         PAM                         pam_ssh_agent_auth(8)

PAM_SSH_AGENT_AUTH
       This module provides authentication via ssh-agent.  If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
       the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.

SUMMARY
       /etc/pam.d/sudo:
              auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys

       /etc/sudoers:
              Defaults env_keep += "SSH_AUTH_SOCK"

       This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
       /etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK
       can either be local, or forwarded.

       Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password
       entry.

ARGUMENTS
       file=<path to authorized_keys>
              Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS
              (below)

       allow_user_owned_authorized_keys_file
              A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled
              automatically whenever the expansions %h or ~ are used.

       debug
              A flag which enables verbose logging

       sudo_service_name=<service name you compiled sudo to use>
              (when compiled with --enable-sudo-hack)
              Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if
              PAM_RUSER is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
              This defaults to "sudo".

EXPANSIONS
       ~ -- same as in shells, a user's Home directory
              Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect
              the file to be owned by 'user', unless you explicitly set allow_user_owned_authorized_keys_file

       %h -- User's Home directory
              Automatically enables allow_user_owned_authorized_keys_file

       %H -- The short-hostname

       %u -- Username

       %f -- FQDN

EXAMPLES
       in /etc/pam.d/sudo

       "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
              The default .ssh/authorized_keys file in a user's home-directory

       "auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
              Same as above.

       "auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
              If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we
              have not specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.

       "auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
              On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we
              specified allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.

       "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
              On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this
              case, we have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.

v0.8                                       2009-08-09                       pam_ssh_agent_auth(8)
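
The EXPANSIONS and ownership rules above decide who is allowed to own the file that grants sudo, so they are worth checking mechanically when reviewing a PAM line. The Python below is an added example, not code from pam_ssh_agent_auth or from the original page; it models the rules only as this man page words them, and the function names, the HOMES table and the 'alice' account are assumptions made for illustration.

```python
import re

FLAG = "allow_user_owned_authorized_keys_file"

def resolve_keys_file(pattern, user, homes, fqdn, allow_user_owned=False):
    """Model of the EXPANSIONS rules: return (expanded_path, expected_owner)."""
    owner = user if allow_user_owned else "root"
    path = pattern
    tilde = re.match(r"~([^/]*)(?=/|$)", pattern)
    if tilde:
        name = tilde.group(1) or user
        path = homes[name] + pattern[tilde.end():]
        if not tilde.group(1):
            owner = user   # "~/" enables the flag automatically
        elif not allow_user_owned:
            owner = name   # "~name/" expects the file to be owned by name
    if "%h" in pattern:
        owner = user       # %h enables the flag automatically

    def substitute(token):
        key = token.group(0)
        if key == "%h":
            return homes[user]
        return {"%H": fqdn.split(".")[0], "%u": user, "%f": fqdn}[key]

    return re.sub(r"%[hHuf]", substitute, path), owner

def audit_pam_line(line, user, homes, fqdn):
    """Parse one pam_ssh_agent_auth.so line and resolve its file= argument."""
    args = line.split()
    if "pam_ssh_agent_auth.so" not in args:
        raise ValueError("not a pam_ssh_agent_auth line")
    files = [a[len("file="):] for a in args if a.startswith("file=")]
    if not files:
        raise ValueError("no file= argument")
    return resolve_keys_file(files[0], user, homes, fqdn, FLAG in args)

# Constructed sample environment: 'fred' and the host name come from the
# EXAMPLES text; 'alice' is a hypothetical second account.
HOMES = {"fred": "/home/fred", "alice": "/home/alice"}
FQDN = "foobar.baz.com"

if __name__ == "__main__":
    for line in (
        "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys",
        "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys",
    ):
        print(audit_pam_line(line, "fred", HOMES, FQDN))
```

Whenever the expected owner is an account other than root, that account manages the key list that satisfies the sufficient rule, which is the distinction the last two EXAMPLES entries draw.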
