Replace TCP with Unix sockets for local RPC#72
Switch from TCP (127.0.0.1) to Unix domain sockets to restrict RPC access to the socket owner via filesystem permissions. Configurable via CRC_SOCKET_DIR, defaults to /tmp/crc-machine.
Walkthrough
The plugin RPC server now uses a Unix domain socket with restricted directory and file permissions, and the RPC client now dials that socket using Unix transport.
Changes
Unix Socket Transport Migration
Estimated code review effort: 2 (Simple) | ~10 minutes
Sequence Diagram(s)
```mermaid
sequenceDiagram
    participant RegisterDriver
    participant UnixListener
    participant RPCClient
    RegisterDriver->>UnixListener: resolve socket dir and start listening
    RegisterDriver->>UnixListener: remove stale plugin.sock and chmod 0600
    RPCClient->>UnixListener: DialHTTP("unix", addr)
```
Actionable comments posted: 2
Inline comments:
In `@libmachine/drivers/plugin/register_driver.go`:
- Around line 50-57: The socket setup path currently assumes CRC_SOCKET_DIR is private just because os.MkdirAll uses 0700, but an existing directory may still be group/world accessible. In the registerDriver flow, add a permission check on socketDir before os.Remove and net.Listen, and reject any non-private directory instead of proceeding. Use the existing socket setup block in register_driver.go to locate the change and keep the guard before binding the unix socket.
- Around line 55-57: The plugin registration flow in NewRPCClientDriver is using a shared fixed socket name, which can collide across concurrent plugin processes. Update the socket creation around socketPath/net.Listen so each driver instance gets a unique rendezvous path (for example by using a per-process or random name), and avoid removing/rebinding a path that may belong to another running plugin. Keep the change localized to the socket setup in register_driver.go and any helper used to build the plugin socket path.
Files selected for processing (2):
- libmachine/drivers/plugin/register_driver.go
- libmachine/drivers/rpc/client_driver.go
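The two review comments above describe the guard the socket setup should have: verify that the directory from CRC_SOCKET_DIR is actually private before binding, and use a per-process socket name instead of a shared plugin.sock. The following is an added illustration of that guard and is not code from this PR or from the libmachine project; the function names `ensurePrivateDir` and `listenPluginSocket` and the `plugin-<pid>.sock` naming are assumptions, and the caller is assumed to resolve `dir` from CRC_SOCKET_DIR (default /tmp/crc-machine) as the PR describes.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"syscall"
)

// ensurePrivateDir creates dir with 0700 when missing, then rejects a pre-existing
// directory that is a symlink, not owned by the caller, or group/world accessible:
// MkdirAll's 0700 only applies to directories it creates itself.
func ensurePrivateDir(dir string) error {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return err
	}
	fi, err := os.Lstat(dir) // Lstat: a symlink pointing at a private dir must not pass
	if err != nil {
		return err
	}
	if !fi.IsDir() { // false for symlinks under Lstat, so this covers both cases
		return fmt.Errorf("%s is not a plain directory", dir)
	}
	if perm := fi.Mode().Perm(); perm&0o077 != 0 {
		return fmt.Errorf("%s is not private: mode %04o", dir, perm)
	}
	if st, ok := fi.Sys().(*syscall.Stat_t); ok && int(st.Uid) != os.Getuid() {
		return fmt.Errorf("%s is owned by uid %d, not uid %d", dir, st.Uid, os.Getuid())
	}
	return nil
}

// listenPluginSocket binds a per-process socket (hypothetical naming that avoids the
// shared plugin.sock collision) inside a verified-private dir and chmods it to 0600.
func listenPluginSocket(dir string) (net.Listener, string, error) {
	if err := ensurePrivateDir(dir); err != nil {
		return nil, "", err
	}
	path := filepath.Join(dir, fmt.Sprintf("plugin-%d.sock", os.Getpid()))
	l, err := net.Listen("unix", path) // fails if the path exists; nothing is removed
	if err != nil {
		return nil, "", err
	}
	if err := os.Chmod(path, 0o600); err != nil {
		l.Close()
		return nil, "", err
	}
	return l, path, nil
}
```

The ownership check uses `syscall.Stat_t`, so this is Linux/Unix-only; on a 0755 directory `ensurePrivateDir` returns an error rather than binding.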
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Tested with crc with the following patch:
Summary by CodeRabbit
CRC_SOCKET_DIR (with a secure default), creating it with owner-only permissions, and enforcing restrictive permissions on the socket file.