Pavel Emelyanov wrote: >> So there are 2 cases: >> * full isolation : restriction on VPS >> * partial isolation : no restriction but *perhaps* problem when migrating >> >> Looks like we need an option per namespace to reduce the isolation for >> af_unix sockets :) >> - on (default): current behaviour => full isolation >> - off : partial isolation > > You mean some sysctl, that enables/disables this check in unix_find_socket_byinode? Yes. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
