[systemd-devel] Simple question.
Daniel J Walsh
dwalsh at redhat.com
Wed Jan 30 05:17:06 PST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/26/2013 08:07 PM, David Strauss wrote:
> On Fri, Jan 25, 2013 at 12:42 PM, Mantas Mikulėnas <grawity at gmail.com>
> wrote:
>> That some users may want to take advantage of modern Linux features and
>> run httpd without *ever* giving it full root privileges – which it needs
>> for precisely two things, bind() and setuid().
>
> That's another reason why socket activation is great for server
> environments.
>
> -- David Strauss | david at davidstrauss.net | +1 512 577 5827 [mobile]
> _______________________________________________ systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
I am trying to implement the OpenShift model using Secure Linux Containers.
Each Gear/User in an OpenShift environment has an apache service listening on
port 8080 (I believe) on a localhost IPAddress. The host machine also has an
apache service running on port 80, When packets come into the host the apache
service sends them to the correct gear/apache server.
Currently this is done by using some complicated scripting and limited file
system namespace separation. I am interested if we could prototype this
environment using a full Linux Container environment, where each one of the
gears lives in a separate container, with its own systemd, and apache service,
running as the users UID.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlEJHVIACgkQrlYvE4MpobPwLQCeOXFm4Su19hjrdglWmOXMzA7a
u64AoIHSBufUuld8Pj467Zv1rkA3YJYC
=ZIZo
-----END PGP SIGNATURE-----
More information about the systemd-devel
mailing list