[systemd-devel] Simple question.

Daniel J Walsh dwalsh at redhat.com
Wed Jan 30 05:17:06 PST 2013



On 01/26/2013 08:07 PM, David Strauss wrote:
> On Fri, Jan 25, 2013 at 12:42 PM, Mantas Mikulėnas <grawity at gmail.com>
> wrote:
>> That some users may want to take advantage of modern Linux features and
>> run httpd without *ever* giving it full root privileges – which it needs
>> for precisely two things, bind() and setuid().
> 
> That's another reason why socket activation is great for server
> environments.
> 
> -- David Strauss | david at davidstrauss.net | +1 512 577 5827 [mobile] 
> 
I am trying to implement the OpenShift model using Secure Linux Containers.
Each Gear/User in an OpenShift environment has an apache service listening on
port 8080 (I believe) on a localhost IP address.  The host machine also has an
apache service running on port 80. When packets come into the host, the apache
service sends them to the correct gear/apache server.

Currently this is done by using some complicated scripting and limited file
system namespace separation.  I am interested if we could prototype this
environment using a full Linux Container environment, where each one of the
gears lives in a separate container, with its own systemd, and apache service,
running as the user's UID.


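The socket-activation point quoted above, as an added example that is not part of the thread: a service that takes its already-bound listener from systemd and therefore never needs root for bind() or setuid(). The `LISTEN_PID`/`LISTEN_FDS` variables and the fd 3 starting point are systemd's documented hand-over protocol; the function names `listen_fds` and `adopt_listener` and the canned HTTP reply are assumptions made for illustration.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # systemd hands over sockets starting at fd 3


def listen_fds(environ, pid):
    """Return the fds systemd passed to process `pid`, or [] if none."""
    try:
        if int(environ.get("LISTEN_PID", "")) != pid:
            return []  # variables were meant for another process
        count = int(environ.get("LISTEN_FDS", ""))
    except ValueError:
        return []  # unset or malformed: not socket-activated
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + max(count, 0)))


def adopt_listener(fd):
    """Wrap an inherited fd, accepting only a listening stream socket."""
    sock = socket.socket(fileno=fd)  # family/type are detected from the fd
    listening = sock.getsockopt(socket.SOL_SOCKET, socket.SO_ACCEPTCONN)
    if sock.type != socket.SOCK_STREAM or not listening:
        sock.detach()  # leave the descriptor open for the caller to handle
        raise ValueError(f"fd {fd} is not a listening stream socket")
    return sock


def main():
    fds = listen_fds(os.environ, os.getpid())
    if not fds:
        raise SystemExit("not socket-activated; refusing to bind() myself")
    listener = adopt_listener(fds[0])
    # No bind() and no setuid() here: systemd bound the port and started
    # this process under the unit's User=, so it never held root.
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 3\r\n\r\nok\n")


if __name__ == "__main__":
    main()
```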

