{"id":41687993,"url":"https://github.com/koro666/xsocket","last_synced_at":"2026-01-24T19:59:22.321Z","repository":{"id":224791098,"uuid":"763958338","full_name":"koro666/xsocket","owner":"koro666","description":"Cross-namespace socket library","archived":false,"fork":false,"pushed_at":"2024-12-23T06:20:27.000Z","size":46,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-12-23T07:23:30.835Z","etag":null,"topics":["linux","namespace","netns","network","socket"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/koro666.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-27T08:18:17.000Z","updated_at":"2024-12-23T06:20:30.000Z","dependencies_parsed_at":"2024-02-27T19:40:18.160Z","dependency_job_id":null,"html_url":"https://github.com/koro666/xsocket","commit_stats":null,"previous_names":["koro666/xsocket"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/koro666/xsocket","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koro666%2Fxsocket","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koro666%2Fxsocket/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koro666%2Fxsocket/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koro666%2Fxsocket/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/koro666","download_url":"https://codeload.github.com/
koro666/xsocket/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/koro666%2Fxsocket/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28735982,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T19:23:36.361Z","status":"ssl_error","status_checked_at":"2026-01-24T19:23:28.966Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["linux","namespace","netns","network","socket"],"created_at":"2026-01-24T19:59:21.692Z","updated_at":"2026-01-24T19:59:22.315Z","avatar_url":"https://github.com/koro666.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `xsocket`: cross-namespace socket creation\n\n`xsocket` is a set of tools to allow processes from isolated network namespaces to create sockets into other network namespaces without needing to call `setns` which requires elevated privileges.\n\nIt works by forwarding the request to create a socket to a small server process which runs in the desired target namespace.\n\n## Build\n\nThis project uses [Meson](https://mesonbuild.com/).\n\n```\nmeson setup build\nmeson compile -C build\nmeson install -C build\n```\n\nAlternatively, if on Archlinux, just run `makepkg` to build a proper package.\n\n## Usage\n\nMake sure the server is running, either by running `xsocket-server` directly or using the 
`xsocket.service` systemd unit.\n\nThe default listen path is `/run/xsocket/default`, but a different path can be passed as the sole argument to `xsocket-server`. Abstract sockets are supported when prefixed with `@`.\n\nThere are two main ways to use this tool.\n\n### Programmatically\n\n`xsocket`-aware code can include `\u003cxsocket.h\u003e` and link with `libxsocket.so`, then call the following function:\n\n```c\nint xsocket(const char* path, int domain, int type, int protocol);\n```\n\nThe `path` parameter is the filesystem path to the server socket, in the same format as specified to `xsocket-server`. If set to `NULL`, it will use the default path.\n\nThe three remaining parameters have the same meaning as with `socket(2)`.\n\n### Injection\n\nThe `libxbind.so` library can be injected into unaware processes using `LD_PRELOAD` to forward selected listening ports to the target network namespace.\n\nThe `XBIND` environment variable is a space-separated list of ports which should be forwarded, or the special value `*` for all ports. No distinction is made between IPv4 vs IPv6, or TCP vs UDP.\n\nThe `XSOCKET` environment variable can be set to point to an alternate control socket. If unset, it will use the default path.\n\nThe following example demonstrates remote listening using `nc`:\n\n```\nLD_PRELOAD=libxbind.so XBIND=3000 nc -l -p 3000\n```\n\nFor systemd services, an add-on file (`/etc/systemd/system/servicename.d/xbind.conf`) can be used to configure specific listening ports:\n\n```\n[Unit]\nWants=xsocket.service\nAfter=xsocket.service\n\n[Service]\nExecStartPre=+/usr/bin/setfacl -n -m u:serviceuser:rwx,m::rwx %t/xsocket\nEnvironment=LD_PRELOAD=libxbind.so\nEnvironment=XBIND=1234\n```\n\nReplace the `serviceuser` username and port number accordingly.\n\n## Security\n\nThere is none. Any process with access to the control socket can ask it to create fresh sockets of any kind. 
Therefore, any security comes externally in the form of strict permissions on the socket, restrictions on the server process itself, and proper firewall rules.\n\n## How it Works\n\nWhen `xsocket` is called to create a socket, it connects to the `xsocket-server` instance through its UNIX socket and sends a message containing the requested domain, type and protocol.\n\nUpon reception of such a message, the server creates the requested socket, then passes it back to the client using `SCM_RIGHTS`. In case of failure, an error code is returned instead.\n\nThe `libxbind.so` library works by intercepting the `bind` call, creating a new socket of the same domain, type and protocol as the original, copying all known socket options, and then duplicating it over the original file descriptor. Special care is taken that the non-blocking and close-on-exec flags of the original socket are preserved.\n\nAll calls to `setsockopt` are also tracked to record which socket options have been used, in order to minimize the amount of blind copying of socket options.\n\n## Thanks\n\n- [rd235](https://github.com/rd235) for all their awesome network namespace tools;\n- [libsdsock](https://github.com/ryancdotorg/libsdsock) for the technical inspiration to make the `libxbind.so` library.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkoro666%2Fxsocket","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkoro666%2Fxsocket","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkoro666%2Fxsocket/lists"}