[lxc-users] abstract socket & network isolation.

Serge Hallyn serge.hallyn at ubuntu.com
Tue Jul 15 04:01:40 UTC 2014


Quoting Vijay Viswanathan (vijay.vishy at gmail.com):
> Hi
> 
> It looks like abstract sockets are affected by network isolation.
> 
> If I run two processes using abstract sockets (dbus) running in
> separate containers with no network isolation and IPC namespace
> removed and they both are able to communicate to each other until now.
> 
> When I added a bridge and gave veth to these two containers, they are
> unable to talk to each other using abstract sockets (file sockets
> seem to be fine since I share the location of the file sockets).
> 
> 
> How can I fix this? Or get around this by having abstract sockets as
> an exception to having network namespace?

Can't, and I'd be against changing that.  However, you can pass around
/proc/pid/ns/net and setns() back to the old ns to use its abstract sockets.

> --- steps ---
> brought up a bridge
> brought up the container with some mounts and network isolation as below
> 
> -- veth3.conf
> lxc.utsname = veth3
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = br0
> lxc.network.ipv4 = 192.168.10.3/24
> lxc.network.name = eth0
> lxc.network.veth.pair = veth3
> --
> lxc-start -n veth3 -f veth3.conf /bin/sh
> route add default gw 192.168.10.1

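Added example, not part of the original thread: one way to do what the reply describes, opening a /proc/<pid>/ns/net handle, calling setns() into that namespace to connect to an abstract socket there, then returning to the caller's own namespace. The function names are hypothetical; the caller needs CAP_SYS_ADMIN, and setns() changes only the calling thread.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000 /* same value as in <linux/sched.h> */
#endif
int setns(int fd, int nstype);  /* glibc prototype, normally from <sched.h> */

/* Hypothetical helper: build an abstract AF_UNIX address (sun_path[0] is NUL,
 * the name follows). Returns the length for connect(), or 0 on a bad name. */
socklen_t abstract_addr(const char *name, struct sockaddr_un *addr)
{
    size_t n = strlen(name);
    if (n == 0 || n > sizeof(addr->sun_path) - 1)
        return 0;
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path + 1, name, n);
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n);
}

/* Hypothetical helper: connect to abstract socket `name` inside the network
 * namespace at ns_path (e.g. /proc/<pid>/ns/net), then switch back.
 * Returns a connected fd that stays usable afterwards, or -1 on failure. */
int connect_abstract_in_netns(const char *ns_path, const char *name)
{
    struct sockaddr_un addr;
    socklen_t len = abstract_addr(name, &addr);
    int self = -1, target = -1, s = -1;

    if (len == 0) return -1;
    self = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);   /* way back */
    target = open(ns_path, O_RDONLY | O_CLOEXEC);
    if (self < 0 || target < 0 || setns(target, CLONE_NEWNET) < 0)
        goto out;
    s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (s >= 0 && connect(s, (struct sockaddr *)&addr, len) < 0) { close(s); s = -1; }
    /* Always try to return; if that fails we are stuck in the target ns. */
    if (setns(self, CLONE_NEWNET) < 0 && s >= 0) { close(s); s = -1; }
out:
    if (self >= 0) close(self);
    if (target >= 0) close(target);
    return s;
}
```

The abstract name is resolved in the namespace the socket was created and connected in, so the returned descriptor keeps working after the thread is back in its own network namespace.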
