[systemd-devel] Info about JoinsNamespaceOf, PrivateNetwork systemd directives

george Karakou mad-proffessor at hotmail.com
Mon May 30 13:49:43 UTC 2016



On 05/30/2016 04:32 PM, Mantas Mikulėnas wrote:
> On Mon, May 30, 2016 at 4:24 PM, george Karakou 
> <mad-proffessor at hotmail.com <mailto:mad-proffessor at hotmail.com>> wrote:
>
>     Hi again, I am a bit curious about these two directives. Can
>     somebody explain in a few words how these are implemented? Using
>     Linux network namespaces? Or, simply put, are services using
>     these 2 directives forbidden to bind to L3/L4 sockets and
>     only allowed to communicate via Unix domain sockets? It's an
>     interesting feature, I thought I should give it a try.
>
>
> Yes, they use network namespaces, the same kind as `ip netns` or 
> `unshare --net`. Compare /proc/<pid>/ns/net of affected processes.
>
> (RestrictAddressFamilies=, however, uses seccomp to forbid using 
> certain types of sockets.)
>
> -- 
> Mantas Mikulėnas <grawity at gmail.com <mailto:grawity at gmail.com>>
Well, thanks. My use case was dbus and dbus-activated services, but I 
couldn't make udisks2 work using PrivateNetwork and dbus's namespace.
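An added example, not from the thread: a small POSIX shell script that performs the check Mantas describes, comparing /proc/<pid>/ns/net of two processes, with a helper that resolves a unit's main PID through systemctl. It assumes a Linux host with /proc mounted and a systemd with `systemctl show --value`; the unit names and the script name are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): confirm from the outside whether two
# processes really live in the same network namespace, which is what
# PrivateNetwork= (own namespace) and JoinsNamespaceOf= (shared namespace)
# should produce. Assumes Linux with /proc mounted; the systemctl helper
# assumes systemd's `systemctl show --value`.

# Print the namespace identifier of a PID, e.g. "net:[4026531992]".
# Reading /proc/<pid>/ns/net needs ptrace access to that process, so run
# as root (or as the unit's user) when inspecting services.
netns_id() {
    readlink "/proc/$1/ns/net" 2>/dev/null || echo unknown
}

# Exit 0 only if both PIDs resolve to one known, identical namespace.
same_netns() {
    a=$(netns_id "$1")
    b=$(netns_id "$2")
    [ "$a" != unknown ] && [ "$a" = "$b" ]
}

# Main PID of a systemd unit (0 if it is not running).
unit_main_pid() {
    systemctl show -p MainPID --value "$1"
}

# Report whether a unit sits outside the host namespace (the one PID 1 is
# in) and whether it shares its namespace with a second unit, which is
# what JoinsNamespaceOf= is meant to arrange.
report() {
    svc_pid=$(unit_main_pid "$1")
    peer_pid=$(unit_main_pid "$2")
    if same_netns 1 "$svc_pid"; then
        echo "$1 is in the host network namespace (PrivateNetwork= not in effect)"
    else
        echo "$1 is in its own network namespace: $(netns_id "$svc_pid")"
    fi
    if same_netns "$svc_pid" "$peer_pid"; then
        echo "$1 and $2 share a network namespace"
    else
        echo "$1 and $2 are in different network namespaces"
    fi
}

# Usage (placeholder unit names): ./check-netns.sh udisks2.service dbus.service
if [ $# -eq 2 ]; then
    report "$1" "$2"
fi
```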