Provided by: manpages_2.17-1_all bug

NAME

       unix,   PF_UNIX,  AF_UNIX,  PF_LOCAL,  AF_LOCAL  -  Sockets  for  local
       interprocess communication

SYNOPSIS

       #include <sys/socket.h>
       #include <sys/un.h>

       unix_socket = socket(PF_UNIX, type, 0);
       error = socketpair(PF_UNIX, type, 0, int *sv);

DESCRIPTION

       The  PF_UNIX  (also  known  as  PF_LOCAL)  socket  family  is  used  to
       communicate  between  processes  on  the same machine efficiently. Unix
       sockets  can  be  either  anonymous  (created  by   socketpair(2))   or
       associated with a file of type socket.  Linux also supports an abstract
       namespace which is independent of the file system.

       Valid  types  are:  SOCK_STREAM,  for  a  stream-oriented  socket   and
       SOCK_DGRAM,  for  a  datagram-oriented  socket  that  preserves message
       boundaries (as on  most  Unix  implementations,  Unix  domain  datagram
       sockets  are  always  reliable and don’t reorder datagrams); and (since
       kernel 2.6.4) SOCK_SEQPACKET, for  a  connection-oriented  socket  that
       preserves  message  boundaries  and delivers messages in the order that
       they were sent.

       Unix sockets support passing file descriptors or process credentials to
       other processes using ancillary data.

ADDRESS FORMAT

       A  Unix  address  is  defined  as  a filename in the filesystem or as a
       unique  string  in  the  abstract   namespace.   Sockets   created   by
       socketpair(2)  are  anonymous.  For  non-anonymous  sockets  the target
       address can be set using connect(2).  The  local  address  can  be  set
       using  bind(2).  When a socket is connected and it doesn’t already have
       a local address a unique address in  the  abstract  namespace  will  be
       generated automatically.

              #define UNIX_PATH_MAX    108

              struct sockaddr_un {
                  sa_family_t  sun_family;              /* AF_UNIX */
                  char         sun_path[UNIX_PATH_MAX]; /* pathname */
              };

       sun_family  always  contains  AF_UNIX.   sun_path  contains  the  zero-
       terminated pathname of the socket in  the  file  system.   If  sun_path
       starts  with a zero byte it refers to the abstract namespace maintained
       by the Unix protocol module.  The socket’s address in this namespace is
       given  by  the  rest  of the bytes in sun_path.  Note that names in the
       abstract namespace are not zero-terminated.

SOCKET OPTIONS

       For historical reasons  these  socket  options  are  specified  with  a
       SOL_SOCKET type even though they are PF_UNIX specific.  They can be set
       with setsockopt(2) and read with getsockopt(2) by specifying SOL_SOCKET
       as the socket family.

       SO_PASSCRED
              Enables  the receiving of the credentials of the sending process
              ancillary message. When this option is set and the socket is not
              yet  connected  a  unique name in the abstract namespace will be
              generated automatically.  Expects an integer boolean flag.

ANCILLARY MESSAGES

       Ancillary data is sent and received using  sendmsg(2)  and  recvmsg(2).
       For  historical  reasons  the  ancillary message types listed below are
       specified with a SOL_SOCKET type even though they are PF_UNIX specific.
       To  send  them  set  the  cmsg_level  field  of  the  struct cmsghdr to
       SOL_SOCKET and the cmsg_type field to the type.  For  more  information
       see cmsg(3).

       SCM_RIGHTS
              Send  or  receive  a  set  of open file descriptors from another
              process.  The data portion contains an integer array of the file
              descriptors.   The passed file descriptors behave as though they
              have been created with dup(2).

       SCM_CREDENTIALS
              Send  or  receive  Unix  credentials.   This  can  be  used  for
              authentication.   The  credentials  are passed as a struct ucred
              ancillary message.

              struct ucred {
                  pid_t  pid;  /* process ID of the sending process */
                  uid_t  uid;  /* user ID of the sending process */
                  gid_t  gid;  /* group ID of the sending process */
              };

       The credentials which the sender specifies are checked by  the  kernel.
       A process with effective user ID 0 is allowed to specify values that do
       not match its own.  The sender must specify its own process ID  (unless
       it  has  the capability CAP_SYS_ADMIN), its user ID, effective user ID,
       or saved set-user-ID (unless it has  CAP_SETUID),  and  its  group  ID,
       effective  group  ID, or saved set-group-ID (unless it has CAP_SETGID).
       To receive a struct  ucred  message  the  SO_PASSCRED  option  must  be
       enabled on the socket.

VERSIONS

       SCM_CREDENTIALS  and  the abstract namespace were introduced with Linux
       2.2 and should not be used in  portable  programs.   (Some  BSD-derived
       systems also support credential passing, but the implementation details
       differ.)

NOTES

       In  the  Linux  implementation,  sockets  which  are  visible  in   the
       filesystem  honour  the permissions of the directory they are in. Their
       owner, group and their permissions can be changed.  Creation of  a  new
       socket  will  fail  if  the  process  does  not  have  write and search
       (execute) permission  on  the  directory  the  socket  is  created  in.
       Connecting  to  the socket object requires read/write permission.  This
       behavior differs from many BSD-derived systems which ignore permissions
       for Unix sockets. Portable programs should not rely on this feature for
       security.

       Binding to a socket with a filename creates a socket in the file system
       that  must  be deleted by the caller when it is no longer needed (using
       unlink(2)).  The usual Unix close-behind semantics  apply;  the  socket
       can  be  unlinked at any time and will be finally removed from the file
       system when the last reference to it is closed.

       To pass file descriptors or credentials over a SOCK_STREAM, you need to
       send  or  receive  at  least one byte of non-ancillary data in the same
       sendmsg() or recvmsg() call.

       Unix domain stream sockets do not support  the  notion  of  out-of-band
       data.

ERRORS

       ENOMEM Out of memory.

       ECONNREFUSED
              connect(2)  called  with  a  socket object that isn’t listening.
              This can happen when the remote socket does  not  exist  or  the
              filename is not a socket.

       EINVAL Invalid  argument  passed. A common cause is the missing setting
              of AF_UNIX in the sun_type field  of  passed  addresses  or  the
              socket being in an invalid state for the applied operation.

       EOPNOTSUPP
              Stream  operation  called on non-stream oriented socket or tried
              to use the out-of-band data option.

       EPROTONOSUPPORT
              Passed protocol is not PF_UNIX.

       ESOCKTNOSUPPORT
              Unknown socket type.

       EPROTOTYPE
              Remote socket does not match the local socket  type  (SOCK_DGRAM
              vs.  SOCK_STREAM)

       EADDRINUSE
              Selected  local  address  is  already taken or filesystem socket
              object already exists.

       EISCONN
              connect(2) called on an already connected  socket  or  a  target
              address was specified on a connected socket.

       ENOTCONN
              Socket  operation  needs a target address, but the socket is not
              connected.

       ECONNRESET
              Remote socket was unexpectedly closed.

       EPIPE  Remote socket was closed on  a  stream  socket.  If  enabled,  a
              SIGPIPE  is  sent  as  well.  This can be avoided by passing the
              MSG_NOSIGNAL flag to sendmsg(2) or recvmsg(2).

       EFAULT User memory address was not valid.

       EPERM  The sender passed invalid credentials in the struct ucred.

       Other errors can be generated by the generic socket  layer  or  by  the
       filesystem  while  generating  a  filesystem  socket  object.  See  the
       appropriate manual pages for more information.

SEE ALSO

       recvmsg(2),    sendmsg(2),    socket(2),    socketpair(2),     cmsg(3),
       capabilities(7), socket(7)