[lxc-users] Unix Sockets communications between containers
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Nov 11 19:52:27 UTC 2014
Quoting Michael H. Warfield (mhw at WittsEnd.com):
> On Tue, 2014-11-11 at 20:20 +0100, Hans Feldt wrote:
> > With a dir, potentially you get a bunch of other sockets available in the container; how can such a
> > security issue be handled?
>
> Use tailored application-specific directories for the sockets? That's
> no different than using application-specific subdirectories for temp
> files. Even if it's just one socket in one directory, creating that
> additional directory provides the isolation from other sockets you
> desire while supporting socket recreation as Serge points out.
Right, I was thinking like how cgmanager does it.
-serge
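
The approach discussed in this thread, as an added example that is not part of the original messages and is not LXC or cgmanager code: give the application its own directory holding only its socket, and audit that directory before sharing it with a container. The socket name `sock`, the directory layout and all function names are assumptions made for illustration.

```python
import os
import socket
import stat


def make_socket_dir(parent, app, mode=0o750):
    """Create a directory meant to hold exactly one application's socket."""
    path = os.path.join(parent, app)
    os.mkdir(path, mode)
    os.chmod(path, mode)  # mkdir honours umask, so set the mode explicitly
    return path


def listen_in(directory, name="sock"):
    """Bind a listening Unix socket inside the dedicated directory.

    Removing a stale socket and re-binding creates a new file. A bind mount
    of the directory still shows it; a bind mount of the old socket file
    would keep pointing at the removed one.
    """
    path = os.path.join(directory, name)
    if os.path.lexists(path):
        os.unlink(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    return srv


def audit_shared_dir(directory, expected=("sock",)):
    """Return findings that should block sharing `directory` with a container."""
    st = os.lstat(directory)
    if not stat.S_ISDIR(st.st_mode):
        return ["%s is not a real directory" % directory]
    findings = []
    if st.st_mode & stat.S_IWOTH:
        findings.append("directory is world-writable")
    for entry in sorted(os.listdir(directory)):
        mode = os.lstat(os.path.join(directory, entry)).st_mode
        if entry in expected:
            if not stat.S_ISSOCK(mode):
                findings.append("expected socket is not a socket: %s" % entry)
            continue
        kind = "socket" if stat.S_ISSOCK(mode) else "entry"
        findings.append("unexpected %s: %s" % (kind, entry))
    return findings
```

An empty list from `audit_shared_dir` means the directory exposes only the intended socket; the directory itself, not the socket file, is what gets bind-mounted into the container.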