On February 28, 2020 8:09:45 PM GMT+01:00, "Serge E. Hallyn" <se...@hallyn.com> wrote:
>On Fri, Feb 28, 2020 at 02:34:25PM +0100, Ede Wolf wrote:
>> Hello,
>>
>> do we have any alternatives to classical bridging right now for connecting
>> (to) unprivileged containers? Like macvlan or ipvlan?
>>
>> If so, I may have missed the documentation, otherwise, are there any plans
>> to incorporate those options? Or maybe there are sound reasons not to do it
>> at all?
>
>Hi,
>
>There are a few places where Dinesh has done presentations like
>
>  https://ostconf.com/en/materials/2478
>
>about the idea of intercepting some core networking calls in containers,
>from the container runtime. As a very barbaric example, you could run
>the container under ptrace, intercept connect() and bind() calls, do those
>actions on their behalf in the parent namespace, pass the sockets back,
>and allow the container to proceed as if it had done the connection itself.
>The somewhat recent seccomp-ptrace stuff should make that much more
>civilized.
>
>-serge
>_______________________________________________
>lxc-users mailing list
>lxc-users@lists.linuxcontainers.org
>http://lists.linuxcontainers.org/listinfo/lxc-users
You know I've landed pidfd_getfd() too, right? :)

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8649c322f75c96e7ced2fec201e123b2b073bf09
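As an added illustration (not code from this thread or from LXC), the sketch below shows the primitive the reply refers to: a supervising process uses pidfd_open() and pidfd_getfd() to duplicate a socket out of another process and calls bind() on it on that process's behalf. Assumptions: Linux 5.6 or later, a forked child standing in for the container, and the hypothetical helper name `supervise_bind`; the child reports its fd number over a pipe here, where a real runtime would read it from the intercepted syscall's arguments.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434  /* value on x86_64 and arm64 */
#endif
#ifndef SYS_pidfd_getfd
#define SYS_pidfd_getfd 438 /* value on x86_64 and arm64; Linux 5.6+ */
#endif
/* Hypothetical helper: 0 = supervisor bound the child's socket, 1 = kernel or
 * sandbox refused pidfd_open/pidfd_getfd (ENOSYS/EPERM), -1 = other failure. */
int supervise_bind(void)
{
    int up[2], down[2], fdnum = -1, go = 1, status, rc = -1;
    if (pipe(up) || pipe(down)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { /* stands in for the container process */
        struct sockaddr_in a; socklen_t len = sizeof(a);
        int s = socket(AF_INET, SOCK_STREAM, 0);
        if (write(up[1], &s, sizeof(s)) != sizeof(s)) _exit(2);     /* report fd number */
        if (read(down[0], &go, sizeof(go)) != sizeof(go)) _exit(2); /* wait for supervisor */
        /* The socket has a port although this process never called bind(). */
        int ok = getsockname(s, (struct sockaddr *)&a, &len) == 0 && a.sin_port != 0;
        _exit(ok ? 0 : 1);
    }
    if (read(up[0], &fdnum, sizeof(fdnum)) != sizeof(fdnum)) fdnum = -1;
    int pidfd = syscall(SYS_pidfd_open, pid, 0);
    int s = pidfd < 0 ? -1 : (int)syscall(SYS_pidfd_getfd, pidfd, fdnum, 0);
    if (s < 0) {
        rc = (errno == ENOSYS || errno == EPERM) ? 1 : -1;
    } else {
        /* Same open socket as the child's fd: bind it on the child's behalf. */
        struct sockaddr_in a = { .sin_family = AF_INET }; /* 0.0.0.0, port 0 */
        if (bind(s, (struct sockaddr *)&a, sizeof(a)) == 0) rc = 0;
    }
    if (write(down[1], &go, sizeof(go)) != sizeof(go)) rc = -1;
    waitpid(pid, &status, 0);
    if (rc == 0 && !(WIFEXITED(status) && WEXITSTATUS(status) == 0)) rc = -1;
    close(up[0]); close(up[1]); close(down[0]); close(down[1]); close(pidfd); close(s);
    return rc;
}

int main(void) { printf("supervise_bind() = %d\n", supervise_bind()); return 0; }
```

pidfd_getfd() requires ptrace-attach permission over the target, so a return value of 1 usually means a seccomp profile or Yama ptrace restriction is in effect rather than a missing kernel feature.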