Very long instance names can trigger "UNIX socket path is too long" error

[gibmat]

Required information

• Distribution: Debian
• Distribution version: bookworm
• Incus version: 6.6-debian12-202410041801 from Zabbly

Issue description

I stumbled into an edge case while doing some testing. If you create an instance with a really long name (such as below with the maximum of 63 characters) and then add a virtual TPM, the instance will fail to start because the path to the unix socket is longer than the kernel's limit.

You can also trigger this if you're using a non-default project with a long name and then create an instance with a medium length name (how I originally encountered this problem).

Steps to reproduce

$ incus init --vm images:ubuntu/24.04 a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name
$ incus config device add a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name vtpm tpm
$ incus start a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name
Error: Failed to run: forklimits limit=memlock:unlimited:unlimited fd=3 fd=4 -- /opt/incus/bin/qemu-system-x86_64 -S -name a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name -uuid 7610a31b-6296-4c45-8566-a9c814188170 -daemonize -cpu host,hv_passthrough -nographic -serial chardev:console -nodefaults -no-user-config -sandbox on,obsolete=deny,elevateprivileges=allow,spawn=allow,resourcecontrol=deny -readconfig /run/incus/a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name/qemu.conf -spice unix=on,disable-ticketing=on,addr=/run/incus/a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name/qemu.spice -pidfile /run/incus/a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name/qemu.pid -D /var/log/incus/a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name/qemu.log -smbios type=2,manufacturer=LinuxContainers,product=Incus -runas incus: : exit status 1
$ incus info --show-log a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name
Name: a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name
Status: STOPPED
Type: virtual-machine
Architecture: x86_64
Created: 2024/10/30 12:39 MDT
Last Used: 1969/12/31 17:00 MST

Log:

qemu-system-x86_64:/run/incus/a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name/qemu.conf:259: UNIX socket path '/var/lib/incus/virtual-machines/a-really-loooooooooooooooooooooooooooooooooooooooooooooong-name/tpm.vtpm/swtpm-vtpm.sock' is too long
Path must be less than 108 bytes

[stgraber]

Not the first time we hit this kind of issue. We usually work around it by using a /proc/self/fd/ reference instead of the full path, though this tends to work far better when we can use QMP to add the device as we can just feed the fd through QMP.

In this instance, I think we'll want to first check whether it's possible to use QMP to inject a TPM into the VM. If it is, we'll first want to move our TPM code to using that. Once that's done, we can then change the TPM unix socket path logic to use SendFile followed by a /proc/self/fd/X path for the socket.

If it's not possible to do over QMP, then things will be a bit more difficult as we'd need to pass that socket fd to QEMU within a predetermined FD slot. That should be possible but will need more changes and be more annoying to plumb through.