On Wed, 2008-10-01 at 14:31 +0200, Daniel Lezcano wrote:
> Pavel Emelyanov wrote:
> >> So there are 2 cases:
> >> * full isolation : restriction on VPS
> >> * partial isolation : no restriction but *perhaps* problem when migrating
> >>
> >> Looks like we need an option per namespace to reduce the isolation for
> >> af_unix sockets :)
> >> - on (default): current behaviour => full isolation
> >> - off : partial isolation
> >
> > You mean some sysctl, that enables/disables this check in unix_find_socket_byinode?
>
> Yes.

I do not see much sense with sysctl as:
- check (cross-connected sockets) is required as we can start namespace
  with already opened socket
- this kind of sharing is not implicit but explicit as normal isolated
  containers _must_ have separate filesystems. In this case this sharing
  requires explicit host administrator action to link socket between
  containers

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers