[systemd-devel] Info about JoinsNamespaceOf, PrivateNetwork systemd directives

george Karakou mad-proffessor at hotmail.com
Mon May 30 16:10:51 UTC 2016



On 05/30/2016 06:04 PM, Lennart Poettering wrote:
> On Mon, 30.05.16 16:24, george Karakou (mad-proffessor at hotmail.com) wrote:
>
>> Hi again, I am a bit curious about these two directives. Can somebody
>> explain in a few words how these are implemented? Using Linux network
>> namespaces? Or simply put, somehow services using these 2 directives are
>> forbidden to bind to l3, l4 sockets and only allowed to communicate via Unix
>> domain sockets? It's an interesting feature, I thought I should give it a
>> try.
> PrivateNetwork= simply runs a service in a new network namespace, and
> adds a loopback device to it, but nothing else.
>
> JoinsNamespaceOf= then allows you to run multiple services within the
> same namespace.
>
> Note that network namespaces cover AF_INET and AF_INET6 sockets, as
> well as abstract AF_UNIX sockets, but not AF_UNIX sockets that are
> stored in the file system; those are namespaced via the filesystem
> namespaces logic.
>
> Lennart
>
Thanks a lot, this clarifies it.
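
The AF_UNIX distinction in the quoted reply, as an added example (not part of the original thread and not systemd code): a child process enters a new network namespace and tries to reach an abstract and a filesystem AF_UNIX listener owned by its parent. It assumes Linux and uses an unprivileged user namespace only to get permission for unshare(); the socket names are constructed for the demo.

```python
import ctypes, os, socket, tempfile

CLONE_NEWUSER, CLONE_NEWNET = 0x10000000, 0x40000000  # from <sched.h>

def can_connect(addr):
    """True if a stream connect() to this AF_UNIX address succeeds."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        try:
            c.connect(addr)
            return True
        except OSError:
            return False

def probe(new_netns):
    """Listen on one abstract and one filesystem AF_UNIX socket, then try both
    from a child that optionally unshares its network namespace first.
    Returns {"abstract": bool, "filesystem": bool}, or None when the kernel
    refuses unshare() (user namespaces disabled or restricted)."""
    libc = ctypes.CDLL(None, use_errno=True)
    with tempfile.TemporaryDirectory() as d:
        abs_addr = b"\0netns-demo-%d" % os.getpid()  # leading NUL = abstract
        fs_addr = os.path.join(d, "demo.sock")       # constructed sample path
        listeners = []
        for addr in (abs_addr, fs_addr):
            s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            s.bind(addr)
            s.listen(1)
            listeners.append(s)
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:  # child: report two ASCII digits, or "E" on failure
            out = b"E"
            try:
                if not new_netns or libc.unshare(CLONE_NEWUSER | CLONE_NEWNET) == 0:
                    out = b"%d%d" % (can_connect(abs_addr), can_connect(fs_addr))
            finally:
                os.write(w, out)
                os._exit(0)
        os.close(w)
        out = os.read(r, 2)
        os.close(r)
        os.waitpid(pid, 0)
        for s in listeners:
            s.close()
    return {"abstract": out[:1] == b"1", "filesystem": out[1:] == b"1"} if len(out) == 2 else None

if __name__ == "__main__":
    print("same namespace:", probe(False))
    print("new network namespace:", probe(True))
```

A service confined with PrivateNetwork= can therefore still reach any socket file visible in its mount namespace, so filesystem-level restrictions are what limit that path.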

