[PATCH] fs,net: Add MS_NOIPCCONNECT to block existing FIFOs and sockets

2014-05-01 Thread Andy Lutomirski
An MS_RDONLY mount disallows binding unix sockets and creating FIFOs, but it does not prevent opening existing FIFOs and connecting to unix sockets. Containers and other sandbox-like applications may want to block IPC to the outside world. Network namespaces can control access to abstract