Is it possible to share unix-domain sockets between namespaces created by ip netns?
My default namespace is connected to an internal network. I have a namespace named inet, which has access to the internet. I'd like to run a browser in the inet namespace and connect to it via VNC from the internal network. But the problem is that the connection from the browser to the VNC server is a unix domain socket, which is technically a form of networking. Since the browser and the X11/VNC server are in different network namespaces, they can't communicate.
Is there any way to share unix domain sockets between two network namespaces?
$ netstat --unix -lpn| grep X11
unix 2 [ ACC ] STREAM LISTENING 31239 3247/Xtigervnc /tmp/.X11-unix/X1
unix 2 [ ACC ] STREAM LISTENING 31238 3247/Xtigervnc @/tmp/.X11-unix/X1
$ ip netns
inet (id: 0)
$ sudo ip netns exec inet netstat --unix -lpn
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
$ sudo ip netns exec inet sh -c 'DISPLAY=:1 xmessage foo'
No protocol specified
Error: Can't open display: :1
Unix domain sockets are not affected by your network namespace. If we create two namespaces:
And then create a unix socket in one:
We can connect to that from another namespace without a problem:
And communicate just fine. Unix sockets are bound to the filesystem, not the network environment (this fact is often used to communicate between containers by placing unix sockets on a shared volume).
Furthermore, on my system, we see:
And also:
But this works just fine:
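Added example, not part of the answer above and not a reconstruction of its commands: a Python probe that binds one pathname socket and one abstract socket (the two forms listed for Xtigervnc in the question's netstat output) and then tries to connect to each from a child process in a fresh network namespace. It goes beyond the answer by also testing the abstract form, which Linux scopes to the network namespace. Assumptions: Linux with unprivileged user namespaces permitted; the socket names are constructed for the demo.

```python
import ctypes, json, os, shutil, socket, sys, tempfile

CLONE_NEWUSER, CLONE_NEWNET = 0x10000000, 0x40000000  # from <linux/sched.h>

def can_connect(addr):
    """True if a stream connect() to the AF_UNIX address succeeds."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        try:
            s.connect(addr)
            return True
        except OSError:
            return False

def probe():
    """Bind both socket kinds, then test them from a child in a new netns.
    Returns {'pathname': bool, 'abstract': bool}, or None when unshare()
    is refused (user namespaces disabled) or the platform is not Linux."""
    if not sys.platform.startswith("linux"):
        return None
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "demo.sock")         # constructed name
    abstract = b"\0netns-demo-%d" % os.getpid()   # leading NUL = abstract
    servers = []
    for addr in (path, abstract):
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(addr)
        srv.listen(1)
        servers.append(srv)
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: leave the parent's network namespace
        try:
            libc = ctypes.CDLL(None, use_errno=True)
            result = None
            if libc.unshare(CLONE_NEWUSER | CLONE_NEWNET) == 0:
                result = {"pathname": can_connect(path),
                          "abstract": can_connect(abstract)}
            os.write(w, json.dumps(result).encode())
        finally:
            os._exit(0)
    os.close(w)
    data = os.read(r, 4096)
    os.close(r)
    os.waitpid(pid, 0)
    for srv in servers:
        srv.close()
    shutil.rmtree(tmp)
    return json.loads(data) if data else None

if __name__ == "__main__":
    print(probe())
```

The pathname socket stays reachable because the child still shares the parent's filesystem view; the abstract name is looked up per network namespace, so that connect is refused.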