On 05/30/2016 04:32 PM, Mantas Mikulėnas wrote:
On Mon, May 30, 2016 at 4:24 PM, george Karakou
<mad-proffes...@hotmail.com <mailto:mad-proffes...@hotmail.com>> wrote:
Hi again, i am a bit curious about these two directives. Can
somebody explain in a few words how are these implemented? Using
linux network namespaces? Or simply put somehow services using
these 2 directives are forbidden to bind to l3, l4 sockets and
only allowed to communicate via unix domain sockets? Its an
interesting feature, i thought i should give it a try.
Yes, they use network namespaces, the same kind as `ip netns` or
`unshare --net`. Compare /proc/<pid>/ns/net of affected processes.
(RestrictAddressFamilies=, however, uses seccomp to forbid using
certain types of sockets.)
--
Mantas Mikulėnas <graw...@gmail.com <mailto:graw...@gmail.com>>
Well, thanks my use case was dbus and dbus activated services but i
couldn't make udisks2 work using PrivateNetwork and dbus'es namespace.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
