Quoting Michael H. Warfield (m...@wittsend.com): > On Tue, 2014-11-11 at 20:20 +0100, Hans Feldt wrote: > > With a dir potentially you get a bunch of other sockets available in the > > container, how can such > > security issue be handled? > > Use tailored application specific directories for the sockets? That's > no different than using application specific subdirectories for temp > files. Even if it's just one socket in one directory, creating that > additional directory provides the isolation from other sockets you > desire while supporting socket recreation as Serge points out.
Right, I was thinking like how cgmanager does it. -serge _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
