Quoting Michael H. Warfield (m...@wittsend.com):
> On Tue, 2014-11-11 at 20:20 +0100, Hans Feldt wrote:
> > With a dir potentially you get a bunch of other sockets available in the 
> > container, how can such 
> > security issue be handled?
> 
> Use tailored application specific directories for the sockets?  That's
> no different than using application specific subdirectories for temp
> files.  Even if it's just one socket in one directory, creating that
> additional directory provides the isolation from other sockets you
> desire while supporting socket recreation as Serge points out.

Right, I was thinking like how cgmanager does it.

-serge
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Reply via email to