-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/26/2013 08:07 PM, David Strauss wrote: > On Fri, Jan 25, 2013 at 12:42 PM, Mantas Mikulėnas <graw...@gmail.com> > wrote: >> That some users may want to take advantage of modern Linux features and >> run httpd without *ever* giving it full root privileges – which it needs >> for precisely two things, bind() and setuid(). > > That's another reason why socket activation is great for server > environments. > > -- David Strauss | da...@davidstrauss.net | +1 512 577 5827 [mobile] > _______________________________________________ systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel > I am trying to implement the OpenShift model using Secure Linux Containers. Each Gear/User in an OpenShift environment has an apache service listening on port 8080 (I believe) on a localhost IPAddress. The host machine also has an apache service running on port 80, When packets come into the host the apache service sends them to the correct gear/apache server.
Currently this is done by using some complicated scripting and limited file system namespace separation. I am interested if we could prototype this environment using a full Linux Container environment, where each one of the gears lives in a separate container, with its own systemd, and apache service, running as the users UID. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEJHVIACgkQrlYvE4MpobPwLQCeOXFm4Su19hjrdglWmOXMzA7a u64AoIHSBufUuld8Pj467Zv1rkA3YJYC =ZIZo -----END PGP SIGNATURE----- _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
