On Fri, Feb 28, 2020 at 08:12:17PM +0100, Christian Brauner wrote:
> On February 28, 2020 8:09:45 PM GMT+01:00, "Serge E. Hallyn" <se...@hallyn.com> wrote:
> >On Fri, Feb 28, 2020 at 02:34:25PM +0100, Ede Wolf wrote:
> >> Hello,
> >>
> >> do we have any alternatives to classical bridging right now for connecting
> >> (to) unprivileged containers? Like macvlan or ipvlan?
> >>
> >> If so, I may have missed the documentation, otherwise, are there any plans
> >> to incorporate those options? Or maybe there are sound reasons not to do it at
> >> all?
> >
> >Hi,
> >
> >There are a few places where Dinesh has done presentations like
> >
> >  https://ostconf.com/en/materials/2478
> >
> >about the idea of intercepting some core networking calls in containers,
> >from the container runtime. As a very barbaric example, you could run
> >the container under ptrace, intercept connect() and bind() calls, do those
> >actions on their behalf in the parent namespace, pass the sockets back,
> >and allow the container to proceed as if it had done the connection itself.
> >The somewhat recent seccomp-ptrace stuff should make that much more
> >civilized.
> >
> >-serge
> >_______________________________________________
> >lxc-users mailing list
> >lxc-users@lists.linuxcontainers.org
> >http://lists.linuxcontainers.org/listinfo/lxc-users
>
> You know I've landed pidfd_getfd() too, right? :)
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8649c322f75c96e7ced2fec201e123b2b073bf09

sweet. but have you put it all together and put a bow on it yet :)

thanks,
-serge
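
The pidfd_getfd() building block mentioned in the thread, as an added example that is not part of the original messages or of LXC's code: a supervisor duplicates a socket out of a child task, binds it on the task's behalf, and the task then sees the bound socket. The function names, `TASK_FD`, and the use of an AF_UNIX autobind address (so it runs offline) are assumptions; it needs Linux 5.6 or later and ptrace access to the child, and it does not cover the seccomp interception or namespace side of the idea.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SYS_pidfd_open   /* both numbers are the same on every architecture */
#define SYS_pidfd_open 434
#endif
#ifndef SYS_pidfd_getfd
#define SYS_pidfd_getfd 438
#endif
#define TASK_FD 20       /* constructed: fd number the task keeps its socket on */

/* Task: own an unbound socket, wait for the supervisor, then report through
 * the exit status whether that same socket now has an address. */
static void task(int sync) {
    struct sockaddr_storage ss; socklen_t len = sizeof(ss); char c = 0;
    if (dup2(socket(AF_UNIX, SOCK_STREAM, 0), TASK_FD) < 0) _exit(2);
    if (write(sync, &c, 1) != 1 || read(sync, &c, 1) != 1) _exit(2);
    if (getsockname(TASK_FD, (struct sockaddr *)&ss, &len) < 0) _exit(2);
    _exit(len > sizeof(sa_family_t) ? 0 : 1);   /* 0 = socket is bound */
}

/* Supervisor: returns 1 if the task saw the bind, 0 if it did not, and
 * -errno if the kernel or a sandbox refuses the calls. */
int demo_supervised_bind(void) {
    int sp[2], st = 0, ret = 0, pidfd = -1, fd = -1; char c = 0;
    sa_family_t fam = AF_UNIX;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -errno;
    pid_t pid = fork();
    if (pid < 0) return -errno;
    if (pid == 0) { close(sp[0]); task(sp[1]); }
    close(sp[1]);
    if (read(sp[0], &c, 1) != 1) ret = -EIO;               /* task never got ready */
    else if ((pidfd = syscall(SYS_pidfd_open, pid, 0)) < 0 ||
             (fd = syscall(SYS_pidfd_getfd, pidfd, TASK_FD, 0)) < 0) ret = -errno;
    /* Autobind: a family-only address makes the kernel pick an abstract name. */
    else if (bind(fd, (struct sockaddr *)&fam, sizeof(fam)) < 0) ret = -errno;
    if (ret < 0) kill(pid, SIGKILL);
    else if (write(sp[0], &c, 1) != 1) ret = -EIO;         /* "bind done" */
    waitpid(pid, &st, 0);
    close(fd); close(pidfd); close(sp[0]);
    if (ret < 0) return ret;
    return WIFEXITED(st) && WEXITSTATUS(st) == 0;
}

int main(void) { return demo_supervised_bind() == 1 ? 0 : 1; }
```

The duplicate refers to the same open file description as the task's descriptor, which is why the bind done by the supervisor is visible through `TASK_FD` in the child.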