wollomatic / socket-proxy

A secure-by-design and flexible unix socket proxy. No external dependencies. Needs no shell or interpreter in a container. Written in Go (memory safe). Can replace tecnativa/docker-socket-proxy or linuxserver/docker-socket-proxy. Most flexible configuration with regular expressions.
https://hub.docker.com/r/wollomatic/socket-proxy
MIT License

[Idea] Expose the filtered UNIX socket as... a UNIX socket! #29

Open andrebrait opened 3 weeks ago

andrebrait commented 3 weeks ago

Is your feature request related to a problem? Please describe.

Some applications simply do not like having a remote host to listen to and would much rather have a UNIX socket to connect to. Plus, UNIX sockets skip the whole TCP/IP stack, routing, etc. and may thus be faster.

Currently all socket proxies that may be used to control what and how something can access a UNIX socket expose the functionality through the network, usually plain TCP.

Describe the solution you'd like

Find a way to expose the filtered and controlled operations in a UNIX socket. The user should be able to set the path desired for such socket and make that available for mounting to e.g. another container (speaking specifically about Docker here).

Describe alternatives you've considered

None.

Additional context

I know some types of filtering, like allowed IPs and hosts, are impossible (and besides the point) if exposing it as a UNIX socket.

Given UNIX sockets require a system call and are a kernel feature, I'm not sure what it takes to make use of them from within a container, but hey, that's the point of opening the issue as well. I'm gonna do some investigation.

wollomatic commented 3 weeks ago

Hi Andre,

thanks for the suggestion. I also thought about this before and I think it will be implemented in a (not-so-)future release.