[systemd-devel] Info about JoinsNamespaceOf, PrivateNetwork systemd directives

Lennart Poettering lennart at poettering.net
Mon May 30 15:04:32 UTC 2016


On Mon, 30.05.16 16:24, george Karakou (mad-proffessor at hotmail.com) wrote:

> Hi again, I am a bit curious about these two directives. Can somebody
> explain in a few words how these are implemented? Using Linux network
> namespaces? Or simply put somehow services using these 2 directives are
> forbidden to bind to l3, l4 sockets and only allowed to communicate via unix
> domain sockets? It's an interesting feature, I thought I should give it a
> try.

PrivateNetwork= simply runs a service in a new network namespace, and
adds a loopback device to it, but nothing else.

JoinsNamespaceOf= then allows you to run multiple services within the
same namespace.

Note that network namespaces cover AF_INET and AF_INET6 sockets, as
well as abstract AF_UNIX sockets, but not AF_UNIX sockets that are
stored in the file system; those are namespaced via the filesystem
namespaces logic.

Lennart

-- 
Lennart Poettering, Red Hat
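
Added example, not part of the original message and not systemd code: a Python check of the last point above, in which a raw unshare(CLONE_NEWNET) call in a forked child stands in for the new network namespace. The socket names and the probe()/can_connect() helpers are made up for the demonstration, and it assumes Linux with permission to create namespaces.

```python
import ctypes, os, socket, tempfile

CLONE_NEWUSER, CLONE_NEWNET = 0x10000000, 0x40000000  # from <linux/sched.h>

def can_connect(addr):
    """True if an AF_UNIX stream connect() to addr succeeds."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        try:
            s.connect(addr)
            return True
        except OSError:
            return False

def probe():
    """What a child in a fresh netns can reach; None if unshare() is refused."""
    libc = ctypes.CDLL(None, use_errno=True)
    abstract = "\0netns-demo-%d" % os.getpid()       # leading NUL = abstract name
    with tempfile.TemporaryDirectory() as tmp:
        on_disk = os.path.join(tmp, "demo.sock")     # filesystem-backed name
        listeners = []
        for addr in (abstract, on_disk):             # both listen in the parent's netns
            srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            srv.bind(addr)
            srv.listen(1)
            listeners.append(srv)
        rfd, wfd = os.pipe()
        pid = os.fork()
        if pid == 0:                                 # child: leave the parent's netns
            os.close(rfd)
            try:  # privileged: CLONE_NEWNET alone; otherwise add a user namespace
                if (libc.unshare(CLONE_NEWNET) == 0
                        or libc.unshare(CLONE_NEWUSER | CLONE_NEWNET) == 0):
                    ok = (can_connect(abstract), can_connect(on_disk))
                    names = ",".join(n for _, n in socket.if_nameindex())
                    os.write(wfd, ("%d %d %s" % (*ok, names)).encode())
            finally:
                os._exit(0)                          # never fall back into the caller
        os.close(wfd)
        out = os.read(rfd, 4096).decode()            # empty if the child wrote nothing
        os.close(rfd)
        os.waitpid(pid, 0)
        for srv in listeners:
            srv.close()
    if not out:
        return None
    a, f, names = out.split(" ", 2)
    return {"abstract": a == "1", "filesystem": f == "1", "interfaces": names.split(",")}

if __name__ == "__main__":
    print(probe())
```

The filesystem socket stays reachable here only because the child still shares the parent's mount namespace; a unit that must not reach such sockets needs its filesystem view restricted as well.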

