Re: [lxc-devel] [systemd-devel] [PATCH] netns: unix: only allow to find out unix socket in same net namespace

2013-08-25 Thread Gao feng
On 08/26/2013 11:19 AM, James Bottomley wrote: > On Mon, 2013-08-26 at 09:06 +0800, Gao feng wrote: >> On 08/26/2013 02:16 AM, James Bottomley wrote: >>> On Sun, 2013-08-25 at 19:37 +0200, Kay Sievers wrote: >>>> On Sun, Aug 25, 2013 at 7:16 PM, James Bottomley >

Re: [lxc-devel] [systemd-devel] [PATCH] netns: unix: only allow to find out unix socket in same net namespace

2013-08-25 Thread Gao feng
On 08/26/2013 02:16 AM, James Bottomley wrote: > On Sun, 2013-08-25 at 19:37 +0200, Kay Sievers wrote: >> On Sun, Aug 25, 2013 at 7:16 PM, James Bottomley >> wrote: >>> On Wed, 2013-08-21 at 11:51 +0200, Kay Sievers wrote: >>>> On Wed, Aug 21, 2013 at 9:22 AM,

Re: [lxc-devel] [PATCH] netns: unix: only allow to find out unix socket in same net namespace

2013-08-21 Thread Gao feng
On 08/21/2013 06:42 PM, Eric W. Biederman wrote: > Gao feng writes: > >> right now I only take note of the unix socket /run/systemd/private, >> but there may have many similar unix sockets, they can exist in any >> path. the strange problems will still happen. > >

Re: [lxc-devel] [PATCH] netns: unix: only allow to find out unix socket in same net namespace

2013-08-21 Thread Gao feng
On 08/21/2013 03:06 PM, Eric W. Biederman wrote: > Gao feng writes: > >> cc libvirt-list >> >> On 08/21/2013 01:30 PM, Eric W. Biederman wrote: >>> Gao feng writes: >>> >>>> Unix sockets are private resources of net namespace, >>&

Re: [lxc-devel] [PATCH] netns: unix: only allow to find out unix socket in same net namespace

2013-08-20 Thread Gao feng
cc libvirt-list On 08/21/2013 01:30 PM, Eric W. Biederman wrote: > Gao feng writes: > >> Unix sockets are private resources of net namespace, >> allowing one net namespace to access to other netns's unix >> sockets is meaningless. > > Allowing one net names

Re: [lxc-devel] [PATCH] netns: unix: only allow to find out unix socket in same net namespace

2013-08-20 Thread Gao feng
cc contain...@lists.linux-foundation.org On 08/21/2013 12:31 PM, Gao feng wrote: > Unix sockets are private resources of net namespace, > allowing one net namespace to access to other netns's unix > sockets is meaningless. > > I'm researching a problem about shutdown

[lxc-devel] [PATCH] netns: unix: only allow to find out unix socket in same net namespace

2013-08-20 Thread Gao feng
-h xxx in container, the shutdown message will be sent to the systemd-shutdownd through unix socket /run/systemd/private, and because systemd-shutdownd is running in host, so finally, the host will become shutdown. We should make sure unix sockets are per net namespace to avoid this problem. Signed-o

Re: [lxc-devel] limit the network traffic of container from the host

2013-07-02 Thread Gao feng
On 07/01/2013 04:04 PM, lsmushroom wrote: > Sorry for the late response. For your question, you could not limit the > network traffic in that way. Because TC will only limit the traffic sent out > from the target device. And for the device of > veth type, the device on the host end will “send