On 08/21/2013 06:42 PM, Eric W. Biederman wrote: > Gao feng <gaof...@cn.fujitsu.com> writes: > >> right now I only take note of the unix socket /run/systemd/private, >> but there may have many similar unix sockets, they can exist in any >> path. the strange problems will still happen. > > It could just as easily have been a fifo in the filesystem, and the > result would have been the same. > > The network namespace are all about communicating between network > namespaces and that is what was allowed here. > > If you don't want a socket or a fifo or any other file to be used by a > container don't give it access to it. It really is that simple. >
Hmm, I tend to think you are right... Thanks! ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
