On Thursday 28 January 2010, Anthony Liguori wrote: > normal user uses libvirt to launch custom qemu instance. libvirt passes > an fd of a raw socket to qemu and puts the qemu process in a restricted > network namespace. user has another program running listening on a unix > domain socket and does something to the qemu process that causes it to > open the domain socket and send the fd it received from libvirt via > SCM_RIGHTS. I looked at the af_unix code and it seems to suggest that this is not possible, because you cannot bind to a socket that belongs to a different network namespace. I haven't tried it though, so I may have missed something. Arnd -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
