-
Simon McVittie authoredThese are like unix:tmpdir=/something, except that the resulting socket is always path-based, never abstract. This is desirable for two reasons: * If a Linux container manager wants to expose a path-based socket into the container, it can do so by bind-mounting it in the container's filesystem namespace. That cannot work for abstract sockets because they are not files. * Conversely, if a Linux container manager does not want to expose a path-based socket in the container, it can avoid bind-mounting it, or bind-mount some harmless object like /dev/null over it. That cannot work for abstract sockets because access to abstract sockets is part of the network namespace, which is all-or-nothing. Signed-off-by:
Simon McVittie <smcv@collabora.com> Reviewed-by:
Philip Withnall <withnall@endlessm.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567
b951c500