Bug 58157

Summary: RFE: Expand PrivateNetwork's use to be NamedNetwork
Product: systemd
Component: general
Status: RESOLVED FIXED
Severity: minor
Priority: medium
Version: unspecified
Hardware: Other
OS: Linux (All)
Reporter: rektide
Assignee: systemd-bugs
QA Contact: systemd-bugs
CC: misc

Description rektide 2012-12-11 19:42:28 UTC
PrivateNetwork assigns a new anonymous private namespaced network for the process: a variant of that functionality might create or join existing namespaced networks by name, instead of creating a standalone private network. This would be extremely useful for securely connecting two daemons which need to share with each other.

Perhaps, as with systemd.socket files, a joint object, for example a systemd.network, might be in order?

Comment 1 Lennart Poettering 2013-01-14 23:19:00 UTC
Interesting idea. That could actually work... 

I am pretty sure we shouldn't make this a first class object (too exotic...), but maybe we can find another simpler solution?
Comment 2 Michael Scherer 2013-05-11 10:30:07 UTC
Another use case could be to be able to restrict the network stack making it have its own firewall.

We run dspam on a server, and using PrivateNetwork=yes broke it. But it only needs to connect to 1 single service on a tcp/port, so that would be quite handy to disable everything but this ip/port/protocol, and make sure that firewall rules cannot be changed anymore.
Comment 3 Lennart Poettering 2014-02-21 17:28:29 UTC
This is implemented in 209 with JoinNamespaceOf=.
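
Added example, not part of the bug thread and not systemd's own files: a sketch of how two daemons could share one private network namespace using JoinNamespaceOf= together with PrivateNetwork=. The unit names, descriptions and ExecStart paths are hypothetical.

```ini
# /etc/systemd/system/backend.service  (hypothetical unit)
# Runs in its own network namespace; PrivateNetwork= provides only a
# loopback device, so the daemon has no route to the host network.
[Unit]
Description=Backend daemon (hypothetical)

[Service]
ExecStart=/usr/local/bin/backend-daemon --listen 127.0.0.1:9000
PrivateNetwork=yes


# /etc/systemd/system/frontend.service  (hypothetical unit)
# Joins the namespace of backend.service instead of getting a fresh one.
# JoinNamespaceOf= belongs in [Unit] and only takes effect when this unit
# also enables PrivateNetwork= (or PrivateTmp=); without it the setting
# does nothing and the service stays in the host network namespace.
[Unit]
Description=Frontend daemon (hypothetical)
JoinNamespaceOf=backend.service
# Ordering is an assumption of this example, so the backend is already
# listening when the frontend starts.
After=backend.service
Wants=backend.service

[Service]
ExecStart=/usr/local/bin/frontend-daemon --connect 127.0.0.1:9000
PrivateNetwork=yes
```

With both units running, the two processes reach each other over the shared loopback interface while neither sees the host's interfaces. Comparing `readlink /proc/<pid>/ns/net` for both main PIDs confirms they share one namespace.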
