-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sockets created in /tmp cause issues with relays run in containers on systems with SELinux #218
Comments
I think there is only one reason for that is, that the unix socket is not only used for mgmt, but can also be used for communication, when having multiple nodes on the same machine. |
Hmm, wouldn't opening a UDP listening port not work? In that case you just communicate via the IP/UDP stack. Admittedly this does confine you to the UDP/IP implementation. |
I'm trying to get ccn-lite running in docker containers in order to make it easier to spin up, manage, and orchestrate ccn-lite networks for testing. I noticed that relays will create temporary sockets in
/tmp
so to get ccn-lite-ctrl working I had to also share the host's/tmp
with the container. However, access to this socket is blocked by SELinux. Disabling SELinux withsetenforce 0
makes the problem go away, but that's obviously not ideal. Adding a policy for sockets created in /tmp also does not sound great.Is there a simpler way around this? Is there a good reason for creating these temporary sockets? Why is the one socket created by the relay not enough?
The text was updated successfully, but these errors were encountered: