| 1 |
On Mon, May 12, 2014 at 1:22 PM, Rick "Zero_Chaos" Farina |
| 2 |
<zerochaos@g.o> wrote: |
| 3 |
> That would be nice, can we do the network namespaces so that I at least |
| 4 |
> don't have to bind to a random port? That alone would be a major |
| 5 |
> improvement in usability. |
| 6 |
|
| 7 |
From my very limited understanding of network namespaces, when you |
| 8 |
create one it doesn't contain any interfaces. You can then create |
| 9 |
virtual interfaces inside, and potentially bridge them to other |
| 10 |
interfaces outside. If you just don't bridge it, then you would get |
| 11 |
what amounts to a loopback interface inside the namespace. If you do |
| 12 |
bridge it, then that interface still gets its own IP. |
| 13 |
|
| 14 |
Nothing would be listening on a new virtual interface, so you could |
| 15 |
bind to any port you want to (though I think you'd still need to be |
| 16 |
root to bind to a low port/etc). |
| 17 |
|
| 18 |
> |
| 19 |
> Personally, I would love to be able to talk to localhost outside the |
| 20 |
> ebuild, but if everyone agrees that is too dangerous then I don't feel I |
| 21 |
> am qualified to disagree. |
| 22 |
|
| 23 |
I guess the question is, "why?" I suppose you could provide a way for |
| 24 |
ebuilds to disable the use of namespaces, but I'm not sure if that is |
| 25 |
worth building, or even is desirable. (And yes, I realize this would |
| 26 |
be PM-specific if we did it.) |
| 27 |
|
| 28 |
Rich |
Archives