Skip to content

Replace TCP with Unix sockets for local RPC#72

Open
vyasgun wants to merge 2 commits into
crc-org:masterfrom
vyasgun:pr/replace-with-unix
Open

Replace TCP with Unix sockets for local RPC#72
vyasgun wants to merge 2 commits into
crc-org:masterfrom
vyasgun:pr/replace-with-unix

Conversation

@vyasgun

@vyasgun vyasgun commented Jul 2, 2026

Copy link
Copy Markdown

Switch from TCP (127.0.0.1) to Unix domain sockets to restrict RPC access to the socket owner via filesystem permissions. Configurable via CRC_SOCKET_DIR, defaults to /tmp/crc-machine.

Tested with crc with the following patch:

diff --git a/cmd/crc/cmd/root.go b/cmd/crc/cmd/root.go
index 8aefaa9d6..45a53c5b9 100644
--- a/cmd/crc/cmd/root.go
+++ b/cmd/crc/cmd/root.go
@@ -53,6 +53,8 @@ func init() {
        if err := constants.EnsureBaseDirectoriesExist(); err != nil {
                logging.Fatal(err.Error())
        }
+       // Set the socket directory for machine driver plugins
+       os.Setenv("CRC_SOCKET_DIR", constants.SocketBaseDir)
        var err error
        config, viper, err = newConfig()
        if err != nil {

Summary by CodeRabbit

  • Bug Fixes
    • Improved local driver communication reliability by switching internal RPC connections to use a Unix domain socket instead of TCP.
    • Added safer socket setup by choosing the socket directory from CRC_SOCKET_DIR (with a secure default), creating it with owner-only permissions, and enforcing restrictive permissions on the socket file.
    • When setup fails or permissions are incorrect, the service now fails more clearly and avoids starting with unsafe access.

Switch from TCP (127.0.0.1) to Unix domain sockets to restrict RPC
access to the socket owner via filesystem permissions. Configurable
via CRC_SOCKET_DIR, defaults to /tmp/crc-machine.
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review Change Stack

Walkthrough

The plugin RPC server now uses a Unix domain socket with restricted directory and file permissions, and the RPC client now dials that socket using Unix transport.

Changes

Unix Socket Transport Migration

Layer / File(s) Summary
Server-side Unix socket listener setup
libmachine/drivers/plugin/register_driver.go
Adds path/filepath import and replaces TCP listener setup with Unix socket directory resolution, creation, stale socket cleanup, listening, and permission handling.
Client-side Unix socket dial
libmachine/drivers/rpc/client_driver.go
Switches rpc.DialHTTP from "tcp" to "unix" when connecting to the plugin server address.

Estimated code review effort: 2 (Simple) | ~10 minutes

Sequence Diagram(s)

sequenceDiagram
  participant RegisterDriver
  participant UnixListener
  participant RPCClient

  RegisterDriver->>UnixListener: resolve socket dir and start listening
  RegisterDriver->>UnixListener: remove stale plugin.sock and chmod 0600
  RPCClient->>UnixListener: DialHTTP("unix", addr)
Loading

Poem

I hop through sockets, snug and neat,
with tidy perms on every seat 🐇
TCP is gone, Unix is in play,
a quiet little tunnel leads the way.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: switching local RPC from TCP to Unix sockets.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@libmachine/drivers/plugin/register_driver.go`:
- Around line 50-57: The socket setup path currently assumes CRC_SOCKET_DIR is
private just because os.MkdirAll uses 0700, but an existing directory may still
be group/world accessible. In the registerDriver flow, add a permission check on
socketDir before os.Remove and net.Listen, and reject any non-private directory
instead of proceeding. Use the existing socket setup block in register_driver.go
to locate the change and keep the guard before binding the unix socket.
- Around line 55-57: The plugin registration flow in NewRPCClientDriver is using
a shared fixed socket name, which can collide across concurrent plugin
processes. Update the socket creation around socketPath/net.Listen so each
driver instance gets a unique rendezvous path (for example by using a
per-process or random name), and avoid removing/rebinding a path that may belong
to another running plugin. Keep the change localized to the socket setup in
register_driver.go and any helper used to build the plugin socket path.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9571b532-e68a-4ad4-895a-35f668fc32f1

📥 Commits

Reviewing files that changed from the base of the PR and between a943b47 and 3328b83.

📒 Files selected for processing (2)
  • libmachine/drivers/plugin/register_driver.go
  • libmachine/drivers/rpc/client_driver.go

Comment thread libmachine/drivers/plugin/register_driver.go
Comment thread libmachine/drivers/plugin/register_driver.go
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant