[lxc-users] abstract socket & network isolation.
Vijay Viswanathan
vijay.vishy at gmail.com
Fri Nov 21 22:21:49 UTC 2014
Looks like network.type=empty also has the same problem (processes
outside of the container cannot access these abstract sockets).
Can you tell me why? Searching for some time, I found that empty
creates an empty namespace, but
# ip netns list
doesn't list anything.
How do I see the interfaces in the container?
$ sudo ls -al /proc/1818/ns/net
lrwxrwxrwx 1 root root 0 Nov 21 14:18 /proc/1818/ns/net -> net:[4026532748]
what is net:[4026532748] ?
Also,
How do I restrict access to the loopback interface in the container? (The man
page says empty will have a loopback interface.)
Thanks.
On Mon, Jul 14, 2014 at 9:01 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Vijay Viswanathan (vijay.vishy at gmail.com):
>> Hi
>>
>> It looks like abstract sockets are affected by network isolation.
>>
>> If I run two processes using abstract sockets (dbus) running in
>> separate containers with no network isolation and IPC namespace
>> removed and they both are able to communicate to each other until now.
>>
>> When I Added a bridge and gave veth to these two containers, they are
>> unable to talk to each other using abstract sockets ( file sockets
>> seems to be fine since I share the location of the file sockets).
>>
>>
>> How can I fix this ? or get around this by having abstract sockets as
>> an exception to having network namespace?
>
> Can't, and I'd be against changing that. However, you can pass around
> /proc/pid/ns/net and setns() back to the old ns to use its abstract sockets.
>
>> --- steps ---
>> brought up a bridge
>> brought up the container with some mounts and network isolation as below
>>
>> -- veth3.conf
>> lxc.utsname = veth3
>> lxc.network.type = veth
>> lxc.network.flags = up
>> lxc.network.link = br0
>> lxc.network.ipv4 = 192.168.10.3/24
>> lxc.network.name = eth0
>> lxc.network.veth.pair = veth3
>> --
>> lxc-start -n veth3 -f veth3.conf /bin/sh
>> route add default gw 192.168.10.1
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
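Added example, not code from this thread: it shows what the net:[<inode>] link in /proc/<pid>/ns/net means (the inode identifies the network namespace, and abstract sockets are scoped to it), and demonstrates the setns() workaround from the reply by forking a child into a fresh netns, where the socket is unreachable, and then back. It assumes Linux; the namespace part needs CAP_SYS_ADMIN and reports None without it. The socket name is constructed.

```python
import ctypes
import os
import socket

CLONE_NEWNET = 0x40000000                 # value from <sched.h>
libc = ctypes.CDLL(None, use_errno=True)  # exposes glibc's unshare() and setns()

def netns_inode(pid="self"):
    """/proc/<pid>/ns/net is a link named net:[<inode>]; stat() returns that same inode."""
    path = f"/proc/{pid}/ns/net"
    ino = os.stat(path).st_ino
    assert os.readlink(path) == f"net:[{ino}]"
    return ino

def same_netns(pid_a, pid_b):
    # Abstract sockets are visible between two processes only when this is True.
    return netns_inode(pid_a) == netns_inode(pid_b)

def listen_abstract(name):
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(b"\0" + name)  # leading NUL byte = abstract socket, no file on disk
    srv.listen(8)
    return srv

def connect_abstract(name):
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
        try:
            cli.connect(b"\0" + name)
            return True
        except ConnectionRefusedError:  # the name is not bound in *this* netns
            return False

def probe_across_netns(name):
    """Fork a child that unshares a fresh netns, tries the socket there, then
    setns()es back to the original netns (the reply's workaround) and retries.
    Returns (in_new_ns, after_setns), or None if unshare() is refused (no CAP_SYS_ADMIN)."""
    home = os.open("/proc/self/ns/net", os.O_RDONLY)  # handle to the original netns
    rd, wr = os.pipe()
    if os.fork() == 0:  # child
        if libc.unshare(CLONE_NEWNET) != 0:
            os.write(wr, b"\xff")
        else:
            in_new = connect_abstract(name)
            back = libc.setns(home, CLONE_NEWNET) == 0 and connect_abstract(name)
            os.write(wr, bytes([in_new, back]))
        os._exit(0)
    os.close(wr)
    data = os.read(rd, 2)
    os.wait(); os.close(home); os.close(rd)
    return (bool(data[0]), bool(data[1])) if len(data) == 2 else None
```

Run as root, probe_across_netns() returns (False, True): unreachable from the new namespace, reachable again after setns() back into the one where the socket was bound.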