35

When I run netstat --protocol unix or lsof -U I see that some unix socket paths are prepended with @ symbol, for example, @/tmp/dbus-qj8V39Yrpa. Then when I run ls -l /tmp I don't see file named dbus-qj8V39Yrpa there.

The question is what does that prepended @ symbol denote? And second related question, is -- where can I actually find that unix socket file (@/tmp/dbus-qj8V39Yrpa) on the filesystem?

Improve this question
1
  • 1
    For what it's worth, the more modern ss program also shows socket endpoints like "@/tmp/.X11-unix/X0"
    – user732
    Commented May 29, 2015 at 19:52

2 Answers 2

Reset to default
52

The @ probably indicates a socket held in an abstract namespace which doesn't belong to a file in the filesystem.

Quoting from The Linux Programming Interface by Michael Kerrisk:

57.6 The Linux Abstract Socket Namespace

The so-called abstract namespace is a Linux-specific feature that allows us to bind a UNIX domain socket to a name without that name being created in the file system. This provides a few potential advantages:

  • We don’t need to worry about possible collisions with existing names in the file system.
  • It is not necessary to unlink the socket pathname when we have finished using the socket. The abstract name is automatically removed when the socket is closed.
  • We don’t need to create a file-system pathname for the socket. This may be useful in a chroot environment, or if we don’t have write access to a file system.

To create an abstract binding, we specify the first byte of the sun_path field as a null byte (\0). [...]

Displaying a leading null byte to denote such type of a socket may be difficult, so that is maybe the reason for the leading @ sign.

Improve this answer
3
  • 6
    It's noteworthy that the ASCII NUL character is entered in many terminals as ^@ ([Ctrl]+[@]) and it can show up as ^@ when displayed by various Unix commands (such as GNU cat -a).
    – Jim Dennis
    Commented Aug 6, 2018 at 2:57
  • If it was abstract domain sockets, these could not be listed with commands such as ls. If it belongs to the file system, it is not in the abstract namespace.
    – Hibou57
    Commented May 28, 2020 at 15:18
  • So, does that mean that a chrooted process can connect to an abstract unix socket that was bound outside the chroot?
    – arrowd
    Commented Dec 7, 2021 at 13:48
13

As per man 7 unix

  • abstract: an abstract socket address is distinguished by the fact that sun_path[0] is a null byte (\0). All of the remaining bytes in sun_path define the "name" of the socket. (Null bytes in the name have no special significance.) The name has no connection with file system pathnames. The socketâs address in this namespace is given by the rest of the bytes in sun_path. When the address of an abstract socket is returned by getsockname(2), getpeername(2), and accept(2), its length is sizeof(struct sockaddr_un), and sun_path contains the abstract name. The abstract socket namespace is a non-portable Linux extension.

Looks like these are 'abstract' - so no real path is present on filesystem

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .