Unix sockets are private resources of net namespace,
allowing one net namespace to access to other netns's unix
sockets is meaningless.
I'm researching a problem about shutdown from container,
if the cotainer shares the same file /run/systemd/private
with host, when we run shutdown -h xxx in conta
cc contain...@lists.linux-foundation.org
On 08/21/2013 12:31 PM, Gao feng wrote:
> Unix sockets are private resources of net namespace,
> allowing one net namespace to access to other netns's unix
> sockets is meaningless.
>
> I'm researching a problem about shutdown from container,
> if the cota
Gao feng writes:
> Unix sockets are private resources of net namespace,
> allowing one net namespace to access to other netns's unix
> sockets is meaningless.
Allowing one net namespace to access another netns's unix socket is
deliberate behavior. This is a desired and useful feature, and
only
cc libvirt-list
On 08/21/2013 01:30 PM, Eric W. Biederman wrote:
> Gao feng writes:
>
>> Unix sockets are private resources of net namespace,
>> allowing one net namespace to access to other netns's unix
>> sockets is meaningless.
>
> Allowing one net namespace to access another netns's unix so
Gao feng writes:
> cc libvirt-list
>
> On 08/21/2013 01:30 PM, Eric W. Biederman wrote:
>> Gao feng writes:
>>
>>> Unix sockets are private resources of net namespace,
>>> allowing one net namespace to access to other netns's unix
>>> sockets is meaningless.
>>
>> Allowing one net namespace to
On 08/21/2013 03:06 PM, Eric W. Biederman wrote:
> Gao feng writes:
>
>> cc libvirt-list
>>
>> On 08/21/2013 01:30 PM, Eric W. Biederman wrote:
>>> Gao feng writes:
>>>
Unix sockets are private resources of net namespace,
allowing one net namespace to access to other netns's unix
On Wed, Aug 21, 2013 at 9:22 AM, Gao feng wrote:
> On 08/21/2013 03:06 PM, Eric W. Biederman wrote:
>> I suspect libvirt should simply not share /run or any other normally
>> writable directory with the host. Sharing /run /var/run or even /tmp
>> seems extremely dubious if you want some kind of
On Wed, Aug 21, 2013 at 11:51:53AM +0200, Kay Sievers wrote:
> On Wed, Aug 21, 2013 at 9:22 AM, Gao feng wrote:
> > On 08/21/2013 03:06 PM, Eric W. Biederman wrote:
>
> >> I suspect libvirt should simply not share /run or any other normally
> >> writable directory with the host. Sharing /run /va
Gao feng writes:
> right now I only take note of the unix socket /run/systemd/private,
> but there may have many similar unix sockets, they can exist in any
> path. the strange problems will still happen.
It could just as easily have been a fifo in the filesystem, and the
result would have been
On 08/21/2013 06:42 PM, Eric W. Biederman wrote:
> Gao feng writes:
>
>> right now I only take note of the unix socket /run/systemd/private,
>> but there may have many similar unix sockets, they can exist in any
>> path. the strange problems will still happen.
>
> It could just as easily have be
On Wed, 2013-08-21 at 11:51 +0200, Kay Sievers wrote:
> On Wed, Aug 21, 2013 at 9:22 AM, Gao feng wrote:
> > On 08/21/2013 03:06 PM, Eric W. Biederman wrote:
>
> >> I suspect libvirt should simply not share /run or any other normally
> >> writable directory with the host. Sharing /run /var/run o
On Sun, Aug 25, 2013 at 7:16 PM, James Bottomley
wrote:
> On Wed, 2013-08-21 at 11:51 +0200, Kay Sievers wrote:
>> On Wed, Aug 21, 2013 at 9:22 AM, Gao feng wrote:
>> > On 08/21/2013 03:06 PM, Eric W. Biederman wrote:
>>
>> >> I suspect libvirt should simply not share /run or any other normally
>
On Sun, 2013-08-25 at 19:37 +0200, Kay Sievers wrote:
> On Sun, Aug 25, 2013 at 7:16 PM, James Bottomley
> wrote:
> > On Wed, 2013-08-21 at 11:51 +0200, Kay Sievers wrote:
> >> On Wed, Aug 21, 2013 at 9:22 AM, Gao feng wrote:
> >> > On 08/21/2013 03:06 PM, Eric W. Biederman wrote:
> >>
> >> >> I
On 08/26/2013 02:16 AM, James Bottomley wrote:
> On Sun, 2013-08-25 at 19:37 +0200, Kay Sievers wrote:
>> On Sun, Aug 25, 2013 at 7:16 PM, James Bottomley
>> wrote:
>>> On Wed, 2013-08-21 at 11:51 +0200, Kay Sievers wrote:
On Wed, Aug 21, 2013 at 9:22 AM, Gao feng wrote:
> On 08/21/2013
On Mon, 2013-08-26 at 09:06 +0800, Gao feng wrote:
> On 08/26/2013 02:16 AM, James Bottomley wrote:
> > On Sun, 2013-08-25 at 19:37 +0200, Kay Sievers wrote:
> >> On Sun, Aug 25, 2013 at 7:16 PM, James Bottomley
> >> wrote:
> >>> On Wed, 2013-08-21 at 11:51 +0200, Kay Sievers wrote:
> On Wed,
On 08/26/2013 11:19 AM, James Bottomley wrote:
> On Mon, 2013-08-26 at 09:06 +0800, Gao feng wrote:
>> On 08/26/2013 02:16 AM, James Bottomley wrote:
>>> On Sun, 2013-08-25 at 19:37 +0200, Kay Sievers wrote:
On Sun, Aug 25, 2013 at 7:16 PM, James Bottomley
wrote:
> On Wed, 2013-08-21
On Mon, 2013-08-26 at 11:35 +0800, Gao feng wrote:
> On 08/26/2013 11:19 AM, James Bottomley wrote:
> > Yes, we are discussing this problem in this whole thread.
I wasn't really watching that bit, since the problem looks solved to me.
I was just reacting against the unfortunate notion that a conta
Quoting Gao feng (gaof...@cn.fujitsu.com):
> On 08/26/2013 11:19 AM, James Bottomley wrote:
> > On Mon, 2013-08-26 at 09:06 +0800, Gao feng wrote:
> >> On 08/26/2013 02:16 AM, James Bottomley wrote:
> >>> On Sun, 2013-08-25 at 19:37 +0200, Kay Sievers wrote:
> On Sun, Aug 25, 2013 at 7:16 PM,
18 matches
Mail list logo
