-
Notifications
You must be signed in to change notification settings - Fork 13
refactor(api): use abstract Unix socket for daemon on Linux #564
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
+44
−3
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| // Copyright 2025-2026 Docker, Inc. | ||
| // | ||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||
| // you may not use this file except in compliance with the License. | ||
| // You may obtain a copy of the License at | ||
| // | ||
| // http://www.apache.org/licenses/LICENSE-2.0 | ||
| // | ||
| // Unless required by applicable law or agreed to in writing, software | ||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
||
| //go:build linux | ||
|
|
||
| package api | ||
|
|
||
| import ( | ||
| "fmt" | ||
| "os" | ||
| ) | ||
|
|
||
| // DaemonSocketPath returns the address of the daemon's listening socket. | ||
| // | ||
| // On Linux it is an abstract Unix domain socket: the address has a leading | ||
| // "@", which Go's net package maps to a NUL byte, placing the socket in the | ||
| // abstract namespace instead of on the filesystem. | ||
| // | ||
| // The address is namespaced by the user's UID so daemons run by different | ||
| // users on the same host do not collide (the abstract namespace is shared per | ||
| // network namespace, not per user as a filesystem path would be). | ||
| func DaemonSocketPath() string { | ||
| return fmt.Sprintf("@docker-secrets-engine/%d/daemon.sock", os.Getuid()) | ||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[LOW] Platform coverage gap: non-darwin/non-linux Unix platforms have no
DaemonSocketPath()implementationThe original
defaults_unix.goused//go:build !windows, which implicitly covered FreeBSD, OpenBSD, illumos, and any other non-Windows platform. This PR replaces it with two explicitly-tagged files (darwinandlinux), leaving every other Unix-like OS without an implementation ofDaemonSocketPath()— the package would fail to compile on those platforms.In practice, docker/secrets-engine targets Linux and macOS (darwin), so this is theoretical rather than immediately harmful. However, the narrowing of platform coverage introduces a latent regression relative to the prior code with no documented rationale for the exclusion.
If intentional, consider adding a comment to
defaults_darwin.go(or a newdefaults_unix_other.gowith//go:build !linux && !windows && !darwin) explaining the scope decision, so future contributors understand why FreeBSD etc. are not supported.