Quoting Wilhelm (wilhelm.me...@fh-kl.de):
> Hi all,
>
> is it safe to use initctl in a container using upstart (as ubuntu lucid)?
>
> Especially, upstart-init uses an abstract unix-socket:
>
> connect(3, {sa_family=AF_FILE, path=@"/com/ubuntu/upstart"}, 22) = 0
>
> Is this socket separated from the parent (host) namespace, so the
> container can't affect the host-system?

Yes, so long as you use a private net_ns, it will be separated. If you
don't use a private net_ns, then not only will it talk to the host's
upstart, but, bc of current limitations on credentials passing, upstart
won't be able to tell if the container doesn't have CAP_SYS_BOOT.

-serge

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
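
Added example, not part of the original thread: abstract unix sockets are listed per network namespace in `/proc/net/unix`, so a container can be checked for a listener on the name from the strace line above. The two sample tables and all inode numbers are constructed for illustration.

```python
"""Check whether upstart's abstract socket is visible in this network namespace."""
from pathlib import Path

UPSTART_SOCKET = "@/com/ubuntu/upstart"   # name from the strace line in the question
SO_ACCEPTCON = 0x10000                    # Flags bit the kernel shows for listening sockets

# Constructed sample: /proc/net/unix inside a container that shares the host net_ns.
SAMPLE_SHARED = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 11532 @/com/ubuntu/upstart
0000000000000000: 00000002 00000000 00010000 0001 01 12001 /var/run/dbus/system_bus_socket
0000000000000000: 00000003 00000000 00000000 0001 03 12844 @/com/ubuntu/upstart
0000000000000000: 00000002 00000000 00000000 0002 01 12900
"""

# Constructed sample: private net_ns in which no init is listening yet.
SAMPLE_PRIVATE = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 20417 /var/run/dbus/system_bus_socket
"""

def parse_unix_table(text):
    """Yield (flags, inode, path) per row; unnamed sockets get an empty path."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.rstrip().split(None, 7)   # the path may itself contain spaces
        if len(fields) < 7:
            continue
        path = fields[7] if len(fields) == 8 else ""
        yield int(fields[3], 16), int(fields[6]), path

def abstract_listeners(text):
    """Return {path: inode} for listening sockets whose name starts with '@'."""
    return {path: inode for flags, inode, path in parse_unix_table(text)
            if path.startswith("@") and flags & SO_ACCEPTCON}

def upstart_listener_inode(text):
    """Inode of the listening upstart socket visible here, or None."""
    return abstract_listeners(text).get(UPSTART_SOCKET)

if __name__ == "__main__":
    live = Path("/proc/net/unix")
    table = live.read_text() if live.exists() else SAMPLE_SHARED
    print("upstart listener inode:", upstart_listener_inode(table))
```

A listener inside a private net_ns can also be the container's own init, so compare the inode with the one reported on the host: the same inode on both sides means the container is looking at the host's socket.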