On Thu, Jan 23, 2014 at 11:43:52 -0800, David Timothy Strauss wrote:
> To join a namespace, you'll need a file descriptor for the namespace
> so you can run setns() [1]. It's possible to share a file descriptor
> by keeping it open while forking (which is how socket activation
> works) or passing it over a Unix domain socket [2].

Yeah, I'm aware; I was more interested in whether systemd would be something I could have do it for me (using the declarative syntax) rather than having a service sit around just for one fd to hand out[1]. I think some general ability to bring different services into namespaces which get set up by another unit would be worthwhile in the long run, but I only really have a use case for network sharing[2].

Thanks,

--Ben

[1] Plus, it'd probably be doing things with either D-Bus and PolicyKit or an AF_UNIX socket with manual credential checking and that sounds like a lot of stuff to code up just to hand out one fd when requested.

[2] I guess adding services to containers would be another, but you already have a PID 1 in those anyways (the system/user boundary is the sticking point here).

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
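The hand-off discussed in this thread (a namespace fd passed over a Unix domain socket, gated by the credential check mentioned in the reply's footnote), as an added example that is not code from either poster or from systemd. The function names are hypothetical, and it assumes Linux and Python 3.9+; the demo uses a socketpair in place of a listening socket.

```python
import os
import socket
import struct

UCRED = struct.Struct("iII")  # Linux struct ucred: pid_t pid, uid_t uid, gid_t gid

def peer_credentials(conn):
    """Return (pid, uid, gid) of the peer as recorded by the kernel."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)

def hand_out_fd(conn, fd, allowed_uids):
    """Send fd to the peer only if its kernel-reported uid is allowed."""
    _pid, uid, _gid = peer_credentials(conn)
    if uid not in allowed_uids:
        conn.sendall(b"N")               # refusal: no descriptor attached
        return False
    socket.send_fds(conn, [b"Y"], [fd])  # SCM_RIGHTS ancillary message
    return True

def receive_fd(conn):
    """Return the received descriptor, or None if the server refused."""
    data, fds, _flags, _addr = socket.recv_fds(conn, 1, 1)
    if data != b"Y" or len(fds) != 1:
        for extra in fds:                # never leak unexpected descriptors
            os.close(extra)
        return None
    return fds[0]

def same_file(fd_a, fd_b):
    """True if both descriptors refer to the same underlying object."""
    a, b = os.fstat(fd_a), os.fstat(fd_b)
    return (a.st_dev, a.st_ino) == (b.st_dev, b.st_ino)

if __name__ == "__main__":
    # Constructed demo: both ends live in one process via socketpair().
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    ns_fd = os.open("/proc/self/ns/net", os.O_RDONLY)
    if hand_out_fd(server, ns_fd, {os.geteuid()}):
        got = receive_fd(client)
        print("same namespace object:", same_file(ns_fd, got))
        # A real client would now call setns(got, CLONE_NEWNET), which
        # needs CAP_SYS_ADMIN (os.setns exists in Python 3.12+).
```

The uid comes from the kernel via SO_PEERCRED rather than from anything the client sends, so the policy cannot be bypassed by a client lying about its identity.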