On Wed, Nov 27, 2013 at 5:24 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>> Actually an option to aufs and overlayfs to say "any unix domain socket
>> which is opened must first be copied to the writeable layer" would
>> solve the issue (at least for all reasonable cases, iiuc)
>
> I guess I'm reasonably convinced that overlayfs is the right place to
> fix this. (Containers using lvm will be left in the cold -- oh,
> well.)
>
> cc: Miklos, who is the most likely to implement one or both of these features.

AFAICS implementing the option to copy up a unix domain socket on open
is trivial: just need to tweak ovl_open_need_copy_up(). Is that what
you were thinking?

> (In cases where containers share a (non-overlay) directory that one of
> them can write, would it make sense to have an option MS_NOSOCKET that
> works on bind mounts?)

Isn't it "you can't send SCM_CREDENTIALS", rather than "you can't open
unix domain socket"?

Thanks,
Miklos
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers