Here's a preview from my zine, Bite Size Linux!! If you want to see more comics like this, sign up for my Saturday comics newsletter or browse more comics!

unix domain sockets are files

$ file mysock.sock
socket

the file’s permissions determine who can send data to the socket.

they let 2 programs on the same computer communicate

Docker uses Unix domain sockets, for example!

process: GET /container (HTTP request)
Docker: Here you go!

There are 2 kinds of unix domain sockets

  • stream: Like TCP! Lets you send a continuous stream of bytes
  • datagram: Like UDP! Lets you send discrete chunks of data

advantage 1

Lets you use file permissions to restrict access to HTTP/database services!

chmod 600 secret.sock

This is why Docker uses a unix domain socket. (lock icon)

evil process: run evil container
Linux, nonplussed: permission denied

advantage 2

UDP sockets aren’t always reliable (even on the same computer).

unix domain datagram sockets ARE reliable! And they won’t reorder packets!

Process: I can send data and I KNOW it’ll arrive

advantage 3

You can send a file descriptor over a unix domain socket. Useful when handling untrusted input files.

process: here’s a file I downloaded from sketchy.com (putting it into video decoder, a sandboxed process)
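
Advantage 3 as an added example (not part of the original comic): a broker process opens the file and passes only the open descriptor to a forked worker as `SCM_RIGHTS` ancillary data over a unix domain socket pair. The names `send_fd`, `recv_fd` and `decode_in_child` are made up for this example, and the worker only stands in for the sandboxed decoder; it applies no sandboxing itself.

```python
import array
import os
import socket
import tempfile

def send_fd(sock, fd):
    """Pass one open file descriptor to the peer as SCM_RIGHTS ancillary data."""
    # At least one byte of ordinary data has to travel with the ancillary message.
    sock.sendmsg([b"F"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, array.array("i", [fd]))])

def recv_fd(sock):
    """Receive exactly one descriptor; the kernel installs it as a new fd here."""
    fds = array.array("i")
    # Buffer sized for a single fd, so a peer cannot push extra descriptors on us.
    _, ancdata, flags, _ = sock.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    if flags & socket.MSG_CTRUNC:
        raise RuntimeError("peer sent more descriptors than expected")
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
            return fds[0]
    raise RuntimeError("no file descriptor received")

def decode_in_child(path):
    """Broker opens `path`; the worker gets the fd only and never sees the path."""
    broker, worker = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:  # worker: stand-in for the sandboxed decoder
        try:
            broker.close()
            # Assumption: a real worker would enter its sandbox before this point.
            with os.fdopen(recv_fd(worker), "rb") as f:
                worker.sendall(f.read(64))  # "decoding" = echo the first bytes
        finally:
            os._exit(0)
    worker.close()
    with open(path, "rb") as f:
        send_fd(broker, f.fileno())  # the worker's copy survives our close()
    chunks = []
    while chunk := broker.recv(4096):  # read until the worker exits (EOF)
        chunks.append(chunk)
    broker.close()
    os.waitpid(pid, 0)
    return b"".join(chunks)

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile() as tmp:  # constructed sample input
        tmp.write(b"constructed sample bytes")
        tmp.flush()
        print(decode_in_child(tmp.name))
```

Because the worker only ever holds a descriptor the broker chose to open, it can run with no filesystem access of its own.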