On Mon, May 12, 2014 at 1:22 PM, Rick "Zero_Chaos" Farina <[email protected]> wrote:
> That would be nice, can we do the network namespaces so that I at least
> don't have to bind to a random port? That alone would be a major
> improvement in usability.

From my very limited understanding of network namespaces, when you create one it doesn't contain any interfaces. You can then create virtual interfaces inside, and potentially bridge them to other interfaces outside. If you just don't bridge it, then you would get what amounts to a loopback interface inside the namespace. If you do bridge it, then that interface still gets its own IP. Nothing would be listening on a new virtual interface, so you could bind to any port you want to (though I think you'd still need to be root to bind to a low port/etc).

> Personally, I would love to be able to talk to localhost outside the
> ebuild, but if everyone agrees that is too dangerous then I don't feel I
> am qualified to disagree.

I guess the question is, "why?" I suppose you could provide a way for ebuilds to disable the use of namespaces, but I'm not sure if that is worth building, or even is desirable. (And yes, I realize this would be PM-specific if we did it.)

Rich
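
The port isolation discussed in this message, as an added example that is not part of the original thread or of any package manager's code: a process holds a TCP port in the host namespace, and a forked child binds the same port after moving into a fresh, unbridged network namespace. It assumes Linux with unprivileged user namespaces enabled; the function names are hypothetical.

```python
import ctypes, json, os, socket

CLONE_NEWUSER = 0x10000000  # flag values from <linux/sched.h>
CLONE_NEWNET = 0x40000000

def can_bind(port):
    """Return True if a TCP socket can bind to all addresses on `port`."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind(("0.0.0.0", port))
            return True
        except OSError:  # EADDRINUSE when the port is taken in this namespace
            return False

def child_report(port):
    """Runs in the forked child: try the port before and after unsharing."""
    report = {"before": can_bind(port)}
    libc = ctypes.CDLL(None, use_errno=True)
    # The user namespace lets an unprivileged process create the network one.
    if libc.unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0:
        report["error"] = os.strerror(ctypes.get_errno())
        return report
    # Nothing is bridged in, so this is typically just a loopback device.
    report["interfaces"] = [name for _, name in socket.if_nameindex()]
    report["after"] = can_bind(port)
    return report

def demo():
    """Hold a port in the host namespace, then bind it again in a new one."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as held:
        held.bind(("0.0.0.0", 0))  # kernel picks a free port
        held.listen(1)
        port = held.getsockname()[1]
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:  # child: unshare() affects only this process
            try:
                os.close(r)
                os.write(w, json.dumps(child_report(port)).encode())
            finally:
                os._exit(0)
        os.close(w)
        with os.fdopen(r) as f:
            report = json.load(f)
        os.waitpid(pid, 0)
        return report

if __name__ == "__main__":
    print(demo())
```

Where the kernel or a sandbox forbids creating the namespaces, the report carries an `error` string instead of the `after` result.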
