To isolate containers, especially unprivileged ones, unix domain sockets may be very helpful.
Sockets would allow to deny most (or maybe any) network access to a container running cryptpad, while still being able to communicate with a network facing webserver.
Since sockets are represented similar to files as part of the filesystem, bind-mounts, classic file permissions etc. may be used to control access to the interface to a cryptpad instance.
The server.listen() Implementation in Node.js already supports Unix Domain Sockets.
While communication via sockets may also yield performance improvements, this is not a motivation for this request.
I'm currently also preparing a pull-request, which would implement this feature.
