Unix sockets

Posted Dec 25, 2024 17:20 UTC (Wed) by bluca (subscriber, #118303)
In reply to: Unix sockets by ibukanov
Parent article: Systemd improves image features and adds varlink API

> It is interesting that Lennart Poettering went in 10 years from pushing DBus into the kernel, https://lwn.net/Articles/580194/ , to preferring over it a simpler JSON protocol based on Unix sockets and pipes.

That's because D-Bus _is_ better as an IPC to control system services, if not for the one fatal flaw of not being available in early boot, which is essentially unsolvable without having the IPC primitives in the kernel, which is what kdbus first and bus1 later were trying to do. Unfortunately "the kernel is the wrong place to implement IPC primititves" (or so they said, before merging Binder to which this reasoning doesn't apply, for some reason), so here we are.

The reason Varlink usage can be expanded now is thanks to a particular recent kernel feature, PID FDs. WIth that, it is now possible to reliably identify processes for the purpose of interactive authentication. It just wasn't possible to do so earlier, given PIDs and all other per-process metadata can be trivially spoofed by an unprivileged attacker.

Unix sockets

Posted Dec 25, 2024 18:39 UTC (Wed) by lunaryorn (subscriber, #111088) [Link] (1 responses)

On the other hand, varlink is a lot simpler to implement and use. All languages do JSON, most do unix sockets, some even do both in the standard library, but there are still not many languages with high-quality and maintained DBus implementations. Essentially, it's just sd-bus, glib/gio, Qt, dbus, and that's about it if I'm not mistaken.

I can call a varlink service with the Python or Demo standard libraries, or even with nc, jq, and bash, but scripting or glueing anything with DBus is still cumbersome even after all these years.

Perhaps things would be different now if we had gotten kdbus l, but as things stand today I'm more than happy to see a well specified DBus alternative emerge which seems to hit the sweet spot between simplicity for simple use cases while still allowing for incremental complexity for more complicated situations.

Unix sockets

Posted Dec 25, 2024 18:40 UTC (Wed) by lunaryorn (subscriber, #111088) [Link]

Qt and _zbus_. Sorry for the typo.

Unix sockets

Posted Jan 3, 2025 15:05 UTC (Fri) by nim-nim (subscriber, #34454) [Link] (1 responses)

> Unfortunately "the kernel is the wrong place to implement IPC primititves" (or so they said, before merging Binder to which this reasoning doesn't apply, for some reason), so here we are.

Well then as quotemstr pointed out the correct thing would be to build upon Binder now that it’s merged. I don’t pretend to understand the problem space at your level but I can not parse your logic. If D-Bus is the best solution as an IPC to control system services except for the lack of IPC primitives in the kernel, why should not it be preferred to varlink, now that there are IPC primitives in the kernel. Unless binder is fundamentally flawed as a d-bus underlay ?

Unix sockets

Posted Jan 3, 2025 15:20 UTC (Fri) by bluca (subscriber, #118303) [Link]

It's not that one is the best and the other is flawed, it's just that D-Bus is what we have, and it is used in a myriad of places, so replacing it with a different IPC would be an absolutely gigantic amount of work, and probably never be finished. And I have no idea if it would be even feasible to implement D-Bus on top of Binder, they are so different, and clearly intended for different use cases, naively it seems an increadibly tall order, if even possible, but don't know if anybody ever looked at it. I mean, PRs welcome? ;-)

Unix sockets

Posted Jan 12, 2025 19:52 UTC (Sun) by mrugiero (guest, #153040) [Link]

> Unfortunately "the kernel is the wrong place to implement IPC primititves" (or so they said, before merging Binder to which this reasoning doesn't apply, for some reason), so here we are.

I seem to recall Binder was there before Bus1 and was simpler in some sense than kdbus? I also remember Torvalds saying if Greg thought it was a good idea then he trusted it or something along those lines? It's quite likely I'm misremembering, but you being one of the interested parties I think you might share some more data about whether I remember right and what happened after that caused Bus1 to stagnate.