On Mon, 30.05.16 16:24, george Karakou (mad-proffes...@hotmail.com) wrote:

> Hi again, I am a bit curious about these two directives. Can somebody
> explain in a few words how these are implemented? Using Linux network
> namespaces? Or simply put somehow services using these 2 directives are
> forbidden to bind to l3, l4 sockets and only allowed to communicate via unix
> domain sockets? It's an interesting feature, I thought I should give it a
> try.

PrivateNetwork= simply runs a service in a new network namespace, and
adds a loopback device to it, but nothing else. JoinsNamespaceOf= then
allows you to run multiple services within the same namespace.

Note that network namespaces cover AF_INET and AF_INET6 sockets, as
well as abstract AF_UNIX sockets, but not AF_UNIX sockets that are
stored in the file system; those are namespaced via the filesystem
namespaces logic.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
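
The setup described in the reply above, as an added example that is not part of the original thread: two units sharing one private network namespace. The unit names, binary paths and command-line flags are hypothetical.

```ini
# --- /etc/systemd/system/backend.service (hypothetical unit) ---
[Unit]
Description=Backend confined to a private network namespace

[Service]
# Binary path and flags are assumptions for illustration.
ExecStart=/usr/local/bin/backend --listen 127.0.0.1:8080
# New network namespace containing only a loopback device:
# no host interfaces, no route to the outside.
PrivateNetwork=yes

# --- /etc/systemd/system/frontend.service (hypothetical unit) ---
[Unit]
Description=Helper that shares backend.service's network namespace
# Run in the same namespace as backend.service, so the two can
# reach each other over the shared loopback device.
JoinsNamespaceOf=backend.service
After=backend.service

[Service]
ExecStart=/usr/local/bin/frontend --connect 127.0.0.1:8080
# Needed here as well: JoinsNamespaceOf= only has an effect when
# PrivateNetwork= is enabled on both the joining and the joined unit.
PrivateNetwork=yes

# Scope of the isolation, per the reply above:
#   AF_INET / AF_INET6     -> confined to the private namespace
#   abstract AF_UNIX       -> confined to the private namespace
#   AF_UNIX on a file path -> NOT covered; still reachable through the
#                             file system unless the unit's filesystem
#                             sandboxing (e.g. InaccessiblePaths=) hides it
```

Once both units are running, `readlink /proc/<PID>/ns/net` on their main PIDs should return the same value, which differs from the host's.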