Gao feng <gaof...@cn.fujitsu.com> writes: > right now I only take note of the unix socket /run/systemd/private, > but there may have many similar unix sockets, they can exist in any > path. the strange problems will still happen.
It could just as easily have been a fifo in the filesystem, and the result would have been the same. The network namespace are all about communicating between network namespaces and that is what was allowed here. If you don't want a socket or a fifo or any other file to be used by a container don't give it access to it. It really is that simple. Eric ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
