[systemd-devel] Info about JoinsNamespaceOf, PrivateNetwork systemd directives

Mantas Mikulėnas grawity at gmail.com
Mon May 30 13:32:39 UTC 2016


On Mon, May 30, 2016 at 4:24 PM, george Karakou <mad-proffessor at hotmail.com>
wrote:

> Hi again, I am a bit curious about these two directives. Can somebody
> explain in a few words how these are implemented? Using Linux network
> namespaces? Or, simply put, are services using these 2 directives
> forbidden to bind to L3/L4 sockets and only allowed to communicate via
> Unix domain sockets? It's an interesting feature; I thought I should give it
> a try.
>

Yes, they use network namespaces, the same kind as `ip netns` or `unshare
--net`. Compare /proc/<pid>/ns/net of affected processes.

(RestrictAddressFamilies=, however, uses seccomp to forbid using certain
types of sockets.)

-- 
Mantas Mikulėnas <grawity at gmail.com>
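The "compare /proc/<pid>/ns/net" check from the reply, written out as a small POSIX sh script. This is an added example, not code from the thread or from systemd. It assumes /proc is mounted, that the caller may read the ns links of the PIDs it inspects (same user or root), and, for the optional parts, that util-linux `unshare` and `systemctl` are installed; the unit names passed to units_share_netns are placeholders. Keep in mind that JoinsNamespaceOf= only has an effect when PrivateNetwork=yes is set on both units, so the check below is what you would run to confirm that the second unit really landed in the first unit's namespace rather than in a private one of its own.

```shell
#!/bin/sh
# Added example: identify and compare network namespaces via /proc/<pid>/ns/net.
# The kernel exposes each namespace as a symlink target like "net:[4026531840]";
# two processes share a network namespace iff those targets are identical.

# Print the namespace identity of PID $1, or fail if it cannot be read
# (no such process, hidepid= on /proc, or no ptrace-read access to it).
netns_of() {
    readlink "/proc/$1/ns/net" 2>/dev/null
}

# Return 0 if PIDs $1 and $2 share one network namespace, 1 if they do not,
# and 2 if either PID could not be inspected (so callers can tell "different"
# apart from "unknown", which matters when auditing a hardened service).
same_netns() {
    a=$(netns_of "$1") || return 2
    b=$(netns_of "$2") || return 2
    [ -n "$a" ] && [ -n "$b" ] || return 2
    [ "$a" = "$b" ]
}

# Same check for two systemd units, e.g. units_share_netns a.service b.service
# where b.service carries PrivateNetwork=yes plus JoinsNamespaceOf=a.service.
# Uses only the main PID of each unit; assumes systemctl (>= 230 for --value).
units_share_netns() {
    p1=$(systemctl show -p MainPID --value "$1" 2>/dev/null) || return 2
    p2=$(systemctl show -p MainPID --value "$2" 2>/dev/null) || return 2
    [ "${p1:-0}" -gt 0 ] && [ "${p2:-0}" -gt 0 ] || return 2
    same_netns "$p1" "$p2"
}

# Optional demo: this shell vs. a child spawned in a fresh network namespace
# with `unshare -rn` (user+net namespace, works unprivileged on many distros,
# fails harmlessly where user namespaces are disabled).
self=$(netns_of $$) || self="unreadable"
printf 'this shell      : %s\n' "$self"
if command -v unshare >/dev/null 2>&1; then
    child=$(unshare -rn readlink /proc/self/ns/net 2>/dev/null) || child=""
    if [ -n "$child" ]; then
        printf 'unshare -n child: %s\n' "$child"
        [ "$child" = "$self" ] && printf 'same namespace (unexpected)\n' \
                               || printf 'different namespaces, as expected\n'
    else
        printf 'unshare -n child: not permitted here, skipping\n'
    fi
fi
```

With PrivateNetwork=yes alone, netns_of on the service's PID differs from netns_of 1 (PID 1 lives in the host namespace) and the service sees only a loopback interface; after adding JoinsNamespaceOf= on a second unit, same_netns on the two main PIDs should return 0. A return of 2 means you could not read the link, not that the namespaces differ, so run the check as root when auditing services of other users.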