[lxc-devel] per-session network namespace question
Daniel Lezcano
daniel.lezcano at free.fr
Thu Oct 22 11:27:16 UTC 2009
Wilhelm Meier wrote:
[ ... ]
>> Be aware the network namespace isolates af_unix sockets
>
> Does this mean that a process in the new network namespace can't
> reach/connect a socket that was created in another namespace but
> visible in the filesystem? An important example would be the
> dbus-socket in /var/run/dbus for the system-dbus instance.

Yes, that's correct, but if you create the socket and connect before
unsharing the network namespace, you can use the file descriptor in the
new network namespace without problem; that was taken into account in
the design.

> If this is the case, is there a way to circumvent the problem (for
> dbus: afaik one can create an additional dbus listen address, so it
> should be possible to set up a tcp-listen-address on the vethx
> interface in the root network-namespace)?
Yes, that should work.
Thanks
-- Daniel
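
The behaviour described in the reply above, as an added example that is not part of the original message: a descriptor connected before unshare() keeps working in the new network namespace, while a fresh connect from inside it is refused. Assumptions of this example: the function name netns_fd_demo, the constructed abstract-namespace socket name (abstract names are scoped per network namespace), and CLONE_NEWUSER so that it can run without root.

```c
#include <errno.h>
#include <linux/sched.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* 0: fd opened before unshare() still works and a fresh connect is refused;
 * 1: unshare() is not permitted in this environment; -1: anything else. */
int netns_fd_demo(void) {
    /* Constructed abstract-namespace name: sun_path[0] stays NUL. */
    struct sockaddr_un a = { .sun_family = AF_UNIX };
    int n = snprintf(a.sun_path + 1, sizeof a.sun_path - 1, "netns-demo-%d", (int)getpid());
    socklen_t len = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n);
    int srv = socket(AF_UNIX, SOCK_STREAM, 0), st, rc = -1;
    if (srv < 0 || bind(srv, (struct sockaddr *)&a, len) < 0 || listen(srv, 4) < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        /* Connect first, while still in the original network namespace. */
        int c = socket(AF_UNIX, SOCK_STREAM, 0);
        if (c < 0 || connect(c, (struct sockaddr *)&a, len) < 0) _exit(2);
        /* unshare(2) via syscall(2); CLONE_NEWUSER makes it work unprivileged. */
        if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNET) < 0) _exit(1);
        /* The descriptor from before unshare() is still usable. */
        if (write(c, "x", 1) != 1) _exit(2);
        /* A new connect from inside the new namespace cannot find the name. */
        int d = socket(AF_UNIX, SOCK_STREAM, 0);
        if (d < 0 || connect(d, (struct sockaddr *)&a, len) == 0) _exit(2);
        _exit(errno == ECONNREFUSED ? 0 : 2);
    }
    if (pid > 0 && waitpid(pid, &st, 0) == pid && WIFEXITED(st) && WEXITSTATUS(st) < 2)
        rc = WEXITSTATUS(st);
    if (rc == 0) {
        /* Confirm the byte written after unshare() reached the listener. */
        char b = 0;
        int p = accept(srv, NULL, NULL);
        if (p < 0 || read(p, &b, 1) != 1 || b != 'x') rc = -1;
        if (p >= 0) close(p);
    }
    close(srv);
    return rc;
}

int main(void) {
    printf("netns_fd_demo() = %d\n", netns_fd_demo());
    return 0;
}
```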