[lxc-users] Unix Sockets communications between containers
Hans Feldt
hans.feldt at ericsson.com
Tue Nov 11 19:20:09 UTC 2014
With a dir potentially you get a bunch of other sockets available in the container, how can such
security issue be handled?
/Hans
On 11/11/2014 08:03 PM, Serge Hallyn wrote:
> Yup - the dir is generally recommended since if the daemon
> dies and restarts, you'll be able to pick up the new socket
> without restarting the container.
>
> Quoting Hans Feldt (hans.feldt at ericsson.com):
>> I tested something similar (using docker) and just did a bind mount
>> of the host directory where the UNIX socket was created into the
>> container and that worked just fine. I think you can bind mount just
>> the socket file (and not the dir).
>> /Hans
>>
>> On 11/11/2014 02:28 PM, CDR wrote:
>>> Dear friends
>>> I have a container with mysql and wish to have all other containers, and the host, being able to use
>>> a socket to post queries to my database. I thought of sharing a common host-directory, such as
>>> /temp. Once all containers can access the same directory, will they actually be able to talk to
>>> mysql? Mysql uses sockets to communicate with applications in the same box. It is much faster and
>>> uses far less resources than tcp. Does this make any sense? What would it take to make this scenario
>>> work?
>>>
>>>
>>>
>>> _______________________________________________
>>> lxc-users mailing list
>>> lxc-users at lists.linuxcontainers.org
>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
More information about the lxc-users
mailing list