Do Linux sandboxes isolate "abstract" UNIX domain sockets (IPC)?

[michaelfelixmurphy]

I'm using a compiler which uses UNIX domain sockets (AF_UNIX) for IPC. Specifically, the compiler uses the "abstract" address format, so the socket is not bound to a specific file path on the system.

Is the linux-sandbox strategy supposed to isolate these abstract address namespaces?

I'm seeing the compiler in one sandbox accidentally communicating over this IPC to compilers in another sandbox (when multiple sandboxes are run in parallel). This causes problems for the compiler. I'd expect the processes in one sandbox to only be able to talk to the processes in the same sandbox.

Is there any existing option to isolate the "abstract" UNIX domain sockets in sandboxes? Are there any plans to implement this isolation? Should I file a bug or feature request?

Thanks!