On Fri, Jan 24, 2014 at 2:02 AM, Lennart Poettering <lenn...@poettering.net> wrote:
> On Thu, 23.01.14 11:27, David Timothy Strauss (da...@davidstrauss.net) wrote:
>
>>
>> Has anyone looked at using socketat() for this? It's unclear whether
>> that syscall actually exists in any supported form; it's certainly not
>> documented.
>>
>> [1] http://lwn.net/Articles/407495/
>
> I don't think this has ever been merged.

We implemented socketat() in Go in our go-namespaces library:
https://github.com/coreos/go-namespaces/blob/master/net/net.go#L12

As for the rest of this feature, one other consideration is that we would need the network namespace to be created and the related .sockets to be bound to that namespace, before the process is executed. We've prototyped this with iproute2 and nspawn, because iproute2 has a clever little hack to be able to persist a network namespace using a bind mount-- even if the original clone()'d process has exited. Check out the "ip netns" stuff on this blog post:
https://coreos.com/blog/jumpers-and-the-software-defined-localhost/

And, just for reference, here is the iproute2 code for creating network namespaces:
https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/ip/ipnetns.c#n386

-Alex
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
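
The socketat() idea discussed in this message (enter a network namespace through its file, create the socket there, switch back), as an added C example that is not code from this thread, go-namespaces or iproute2. The helper name socket_at and its return codes are assumptions; ns_path is expected to be a namespace file such as the bind-mounted one that "ip netns" keeps.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* socket_at() is a hypothetical helper, not a kernel or library call.
 * Returns a socket created inside the network namespace at ns_path, -1 on
 * error (errno set, thread namespace unchanged), or -2 if the thread could
 * not be moved back. setns() needs CAP_SYS_ADMIN and is per-thread. */
int socket_at(const char *ns_path, int domain, int type, int protocol)
{
    int saved, ret = -1;
    int target = open(ns_path, O_RDONLY | O_CLOEXEC);
    if (target < 0) return -1;
    /* Keep a handle on the current namespace so the thread can return. */
    int origin = open("/proc/thread-self/ns/net", O_RDONLY | O_CLOEXEC);
    if (origin < 0) {
        saved = errno;
        close(target);
        errno = saved;
        return -1;
    }
    if (setns(target, CLONE_NEWNET) != 0) {
        saved = errno;
    } else {
        ret = socket(domain, type | SOCK_CLOEXEC, protocol);
        saved = errno;
        if (setns(origin, CLONE_NEWNET) != 0) {
            saved = errno;
            if (ret >= 0)
                close(ret); /* never hand out a socket from a stuck thread */
            ret = -2;
        }
    }
    close(target);
    close(origin);
    errno = saved;
    return ret;
}

int main(int argc, char **argv)
{
    int fd = socket_at(argc > 1 ? argv[1] : "/proc/self/ns/net", AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { perror("socket_at"); return 1; }
    printf("created socket fd %d\n", fd);
    return close(fd);
}
```

A return of -2 means the calling thread is still in the target namespace, so a long-running service should stop using that thread rather than continue.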