#cpuguy83 1527 made an issue for getting
We decided to only support localhost sockets for SDKs to talk to the session. Unix sockets are possible of course but it adds a fair bit of non-trivial overhead to implementing an SDK in a new language, so we decided against it
Also thinking, there could be an option to have the shim unshare(NS_PID) before execing but this would only work for privileged execs (which systemd needs anyway).
I guess since my process is privileged I could do that unshare as well.
Oh interesting idea... I'm not sure if that would wreak havoc on runc's view of the processes in the container, but yeah that seems viable.
We actually want to make this change in general too for other reasons (e.g. we are currently exposing the raw buildkit socket too in order to run the nested session), but yeah actually if you as a user could do a pid ns unshare that's definitely the quickest possible way to get unblocked
Let me know if you try it, I'm curious whether it works in practice!