# unix domain sockets

## unix domain sockets are files.

```
$ file mysock.sock
socket
```

The file's permissions determine who can send data to the socket.

## they let 2 programs on the same computer communicate.

Docker uses Unix domain sockets, for example!

process: "wget /container" (HTTP request)
docker (whale): "Here you go!"

## There are 2 kinds of Unix domain sockets

1. stream: like TCP! Lets you send a continuous stream of bytes
2. datagram: like UDP! Lets you send discrete chunks of data

## advantage 1

Lets you use file permissions to restrict access to HTTP/database services!

```
chmod 600 secret.sock
```

This is why Docker uses a unix domain socket. (lock icon)

process (with evil horns): "run evil permission container"
linux: "permission denied"

## advantage 2

UDP sockets aren't always reliable (even on the same computer). Unix domain datagram sockets are reliable! And they won't reorder packets!

process: "I can send data and I *know* it'll arrive"

## advantage 3

You can send a file descriptor over a unix domain socket. Useful when handling untrusted input files!

process: "here's a file I downloaded from sketchy.com"
(arrow showing file being sent to video decoder, which is a sandboxed process)
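The three advantages above, put together in one added Python example (not from the original comic): a datagram Unix socket bound to a file whose mode is restricted to its owner, with an open file descriptor passed over it using SCM_RIGHTS via `socket.send_fds`/`socket.recv_fds` (Python 3.9+, Linux). The socket and file names, and the sample payload, are constructed for the demo.

```python
import os
import socket
import stat
import tempfile


def demo_fd_passing() -> dict:
    """Bind a permission-restricted AF_UNIX datagram socket, pass an open
    file descriptor over it, and read the file through the received fd."""
    with tempfile.TemporaryDirectory() as tmp:
        sock_path = os.path.join(tmp, "mysock.sock")      # constructed name
        file_path = os.path.join(tmp, "download.bin")     # constructed name
        with open(file_path, "wb") as f:
            f.write(b"constructed sample payload")        # constructed input

        # "Server" side (the sandboxed decoder): a datagram socket whose
        # backing file is owner-only, so other users cannot connect to it.
        server = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        server.bind(sock_path)
        os.chmod(sock_path, 0o600)        # advantage 1: file permissions gate access
        st = os.stat(sock_path)           # `file mysock.sock` -> socket

        # "Client" side (the downloader): connect and hand over the open fd
        # rather than the path, so the receiver needs no rights to the file.
        client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        client.connect(sock_path)
        with open(file_path, "rb") as f:
            socket.send_fds(client, [b"here's a file from sketchy.com"], [f.fileno()])

        # advantage 2: a local datagram arrives, intact and in order.
        # advantage 3: the kernel installs a dup of the sender's fd for us.
        msg, fds, _flags, _addr = socket.recv_fds(server, 1024, 1)
        contents = os.read(fds[0], 1024)  # still readable after sender closed its copy
        for fd in fds:
            os.close(fd)
        client.close()
        server.close()
        return {
            "is_socket": stat.S_ISSOCK(st.st_mode),
            "mode": st.st_mode & 0o777,
            "message": msg,
            "contents": contents,
        }


if __name__ == "__main__":
    print(demo_fd_passing())
```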
https://cdn.masto.host/socialjvnsca/media_attachments/files/109/705/944/109/537/017/original/9bce2324d6fc91cd.png