22.05.2012 22:11, J. Bruce Fields написал:
On Tue, May 22, 2012 at 07:19:29PM +0400, Stanislav Kinsbursky wrote:
Just a reminder: abstract (is it the right name?) UNIX sockets (with
'\0' as a first character in name) are containerized already.
If UNIX socket is the only way. then maybe this "abstract" socket can be used?
Huh.  Reading the section on abstract addresses in unix(7)....  Maybe
that would work.  I don't quite understand the namespace.  If we fix a
name for gss-proxy to use, what's to prevent somebody else from binding
to the same name and preventing us from using it?

Alien network namespace.
Abstract sockets address consist of two parts: name istelf and network namespace. Have a look at unix_bind () - you'll see, that sockets with the same name but different network namespace are skipped.


