fix(net): prevent gvproxy socket path collision between concurrent boxes#219
Merged
DorianZheng merged 2 commits intomainfrom Feb 9, 2026
Merged
fix(net): prevent gvproxy socket path collision between concurrent boxes#219DorianZheng merged 2 commits intomainfrom
DorianZheng merged 2 commits intomainfrom
Conversation
Two concurrent BoxLite instances would collide on /tmp/gvproxy-1.sock
because Go's nextID counter starts at 1 per process. Each shim process
generated the same socket path, causing instance A's networking to break
when instance B started.
The fix makes the caller provide the socket path instead of letting
the Go library generate it. Each box now gets a unique path derived
from its layout: ~/.boxlite/boxes/{box_id}/sockets/net.sock.
Changes:
- Add socket_path field to GvproxyConfig (Rust) and GvproxyConfig (Go)
- Add net_backend_socket_path() to BoxFilesystemLayout
- Add socket_path to NetworkBackendConfig
- Delete gvproxy_get_socket_path FFI chain (Go export, C extern, Rust wrapper)
- Update shim.rs to use config-provided socket path
- Add 4 regression tests covering layout uniqueness, JSON serialization,
config differentiation, and cross-process serde
All 4 -sys build scripts had guards that skipped rebuilding when the output artifact already existed. This defeated cargo's rerun-if-changed mechanism: cargo correctly re-ran the build script when sources changed, but the script exited early because the stale artifact was still present. This caused the gvproxy socket path fix to silently fail at runtime — the Go library was never recompiled despite source changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
/tmp/gvproxy-1.sockbecause Go'snextIDcounter starts at 1 per process. Each shim generates the same socket path, breaking instance A's networking when instance B starts.~/.boxlite/boxes/{box_id}/sockets/net.sock— unique by design.gvproxy_get_socket_pathFFI chain (Go export → C extern → Rust wrapper) — no longer needed since the caller already knows the path.Changes
gvproxy-bridge/main.goSocketPathto Go config, use caller's path, deletegvproxy_get_socket_pathlibgvproxy-sys/src/lib.rsgvproxy_get_socket_pathexternnet/gvproxy/config.rssocket_path: PathBuffield, update constructornet/gvproxy/ffi.rsget_socket_path()wrappernet/gvproxy/instance.rsnet/gvproxy/mod.rsnet/mod.rssocket_pathtoNetworkBackendConfigruntime/layout.rsnet_backend_socket_path()litebox/init/tasks/vmm_spawn.rsbin/shim.rsnet_config.socket_pathinstead of FFI callTest plan
test_different_boxes_get_different_net_backend_socket_paths(layout uniqueness)test_socket_path_survives_json_serialization(JSON reaches Go FFI)test_two_configs_have_different_socket_paths_in_json(collision prevention)test_network_config_carries_unique_socket_paths(serde across process boundary)cargo test -p boxlite— all tests passcargo fmt— cleancargo clippy -D warnings— clean