On this first day of the Linux 7.1 merge window, the various VFS pull requests submitted by Christian Brauner were among the early ones to land. Among the code merged is support for user.* extended attributes on sockets.
Support for extended attributes on sockets has been sought by GNOME and systemd developers in particular as part of their push for greater use of Varlink as an inter-process communication (IPC) mechanism. User.* xattrs on sockets also have benefits for Linux container use-cases.
Brauner summed up the new functionality well in the pull request:
“Rework simple xattrs and support user.* xattrs on sockets
This reworks the simple_xattr infrastructure and adds support for user.* extended attributes on sockets.
…
With this infrastructure in place the series adds support for user.* xattrs on sockets. Path-based AF_UNIX sockets inherit xattr support from the underlying filesystem (e.g. tmpfs) but sockets in sockfs – that is everything created via socket() including abstract namespace AF_UNIX sockets – had no xattr support at all. The xattr_permission() checks are reworked to allow user.* xattrs on S_IFSOCK inodes. Sockfs sockets get per-inode limits of 128 xattrs and 128KB total value size matching the limits already in use for kernfs.
The practical motivation comes from several directions. systemd and GNOME are expanding their use of Varlink as an IPC mechanism. For D-Bus there are tools like dbus-monitor that can observe IPC traffic across the system but this only works because D-Bus has a central broker. For Varlink there is no broker and there is currently no way to identify which sockets speak Varlink. With user.* xattrs on sockets a service can label its socket with the IPC protocol it speaks (e.g., user.varlink=1) and an eBPF program can then selectively capture traffic on those sockets. Enumerating bound sockets via netlink combined with these xattr labels gives a way to discover all Varlink IPC entrypoints for debugging and introspection.
Similarly, systemd-journald wants to use xattrs on the /dev/log socket for protocol negotiation to indicate whether RFC 5424 structured syslog is supported or whether only the legacy RFC 3164 format should be used.
In containers these labels are particularly useful as high-privilege or more complicated solutions for socket identification aren’t available.
The series comes with comprehensive selftests covering path-based AF_UNIX sockets, sockfs socket operations, per-inode limit enforcement, and xattr operations across multiple address families (AF_INET, AF_INET6, AF_NETLINK, AF_PACKET).”
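The labelling and discovery pattern described in the pull request, written up here as an added example (not code from the kernel series, systemd or GNOME): a service marks its socket with user.varlink=1 and a tool then finds every socket carrying that label. It uses a path-based AF_UNIX socket and a directory walk rather than the netlink enumeration the series mentions, treats EPERM from a kernel without the rework as a graceful fallback, and the socket name io.example.Service is a placeholder.

```python
import errno
import os
import socket
import stat
import tempfile

def label_socket(path, protocol, value="1"):
    # Tag the socket inode with user.<protocol>=<value> (e.g. user.varlink=1).
    # Return False rather than failing the service when the kernel still rejects
    # user.* xattrs on S_IFSOCK inodes (EPERM) or the fs has no xattr support.
    try:
        os.setxattr(path, "user." + protocol, value.encode())
        return True
    except OSError as exc:
        if exc.errno in (errno.EPERM, errno.ENOTSUP, errno.EOPNOTSUPP):
            return False
        raise

def discover_labelled_sockets(directory, protocol):
    # Walk a directory (rather than enumerating bound sockets via netlink) and
    # return (path, value) for every socket inode carrying user.<protocol>.
    key = "user." + protocol
    found = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                if not stat.S_ISSOCK(os.lstat(path).st_mode):
                    continue  # a labelled regular file is not an IPC entrypoint
                if key in os.listxattr(path):
                    found.append((path, os.getxattr(path, key).decode()))
            except OSError:
                continue  # socket vanished or its xattrs are unreadable; skip it
    return sorted(found)

def demo():
    # Constructed scenario: bind a path-based AF_UNIX socket in a temporary
    # directory, label it as speaking Varlink, then rediscover it by that label.
    tmp = tempfile.mkdtemp(prefix="varlink-xattr-")
    path = os.path.join(tmp, "io.example.Service")  # hypothetical socket name
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(path)
    try:
        labelled = label_socket(path, "varlink")
        return {"path": path, "labelled": labelled,
                "found": discover_labelled_sockets(tmp, "varlink")}
    finally:
        sock.close()
        os.unlink(path)
        os.rmdir(tmp)
```

On a kernel with the rework (and a filesystem that supports xattrs) demo() reports the socket as labelled and found; on an older kernel it reports labelled=False and an empty result instead of crashing.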
Linus Torvalds merged this user extended attributes support for sockets without any objections for the Linux 7.1 cycle.
