[daemon] add optional backend bridge for future socket API service#110

Merged: ravindu644 merged 4 commits into ravindu644:dev from yoshi3jp:main on May 15, 2026

@yoshi3jp
Contributor

Summary

This introduces the first native-side foundation for a future external
droidspaces-socketd service. Provided that this PR is accepted, the development of the endpoint for the following purpose will commence.

The intended long-term goal is to allow Droidspaces to expose a
Podman-style Docker Engine API compatibility service, suitable for tools
such as Portainer, without pulling HTTP/JSON/C++ concerns into the existing
native runtime.

This PR does not implement the public Docker-compatible API yet.
Instead, it adds a small, opt-in, private backend bridge inside the existing
privileged Droidspaces daemon that a future C++ socket daemon can use.

Motivation

Droidspaces already has the correct privileged execution context for
container lifecycle and inspection operations:

  • namespace-sensitive operations are already handled by the existing daemon;
  • Android-specific SELinux and root-manager constraints are already handled there;
  • the native runtime already owns container discovery, lifecycle, and recovery logic.

Rather than duplicating that logic in a new public-facing service, the planned
architecture is:

Portainer / Docker-compatible clients
        │
        ▼
droidspaces-socketd
  - C++
  - HTTP + JSON
  - Docker Engine API compatibility layer
        │
        ▼
private Droidspaces backend bridge
        │
        ▼
existing privileged Droidspaces daemon

This keeps the current native runtime focused and avoids leaking C++ or
public API-server concerns into the existing C codebase.

What this PR adds

1. Optional build gate

A new build flag is introduced:

ENABLE_SOCKETD_BACKEND=1

The bridge is disabled by default, so normal Droidspaces builds remain unchanged.

Example:

make aarch64

builds the existing runtime as before.

make aarch64 ENABLE_SOCKETD_BACKEND=1

builds the runtime with the private socketd backend bridge enabled.

2. Private backend socket bridge

When enabled, the existing Droidspaces daemon starts a small helper process
that listens on a private abstract Unix socket:

@droidspaces-socketd-backend

This is not the future public Portainer-facing socket. It is an internal
control path intended only for the future droidspaces-socketd process.

3. Versioned framed protocol

The new files:

src/socketd_protocol.h
src/socketd_bridge.h
src/socketd_bridge.c

define a small request/response protocol with:

  • magic number;
  • protocol version;
  • opcode;
  • payload length;
  • explicit response status.

The protocol header is written to be safely usable from both C and C++, so the
future external daemon can share it without introducing C++ into the native
runtime.

4. Initial backend operations

This PR implements only the protocol bootstrap operations:

  • PING
  • CAPABILITIES

Container-oriented operations are reserved in the protocol for follow-up work:

  • INFO
  • LIST_CONTAINERS
  • INSPECT_CONTAINER
  • START_CONTAINER
  • STOP_CONTAINER
  • RESTART_CONTAINER

These currently return UNSUPPORTED.

5. Basic local peer restriction

The backend socket currently accepts only:

  • root peers; or
  • peers running under the same effective UID as the daemon.

This is intentionally conservative because the bridge is a privileged local
control interface.

yoshi3jp and others added 4 commits May 14, 2026 01:57
The forthcoming C++ droidspaces-socketd daemon needs a narrow private
control path into the existing privileged Droidspaces daemon.  Keep the
native Droidspaces build unchanged by default and compile that bridge only
when ENABLE_SOCKETD_BACKEND=1 is requested.

This keeps the current static-musl runtime layout intact for existing users
while reserving an explicit opt-in build path for the Portainer/Podman
compatibility work.

Introduce the first native-C seam for the future C++
droidspaces-socketd daemon.

The bridge is intentionally:

  * private, using a separate Linux abstract AF_UNIX socket;
  * opt-in, compiled only with DS_ENABLE_SOCKETD_BACKEND;
  * C-only, keeping C++ out of the existing runtime;
  * tiny, with a versioned framed protocol and root/same-UID peer gate;
  * dormant with respect to the existing CLI/app daemon protocol.

The initial bridge implements only protocol-level PING and CAPABILITIES
requests.  Container listing, inspection, and lifecycle RPCs can be added on
this stable framing without changing the public Docker-compatible API daemon.

Prep for WebUI compat
@ravindu644 ravindu644 changed the base branch from main to dev May 15, 2026 17:13
@ravindu644 ravindu644 merged commit 59e53d6 into ravindu644:dev May 15, 2026
2 checks passed