[lxc-devel] [lxd/master] Allow setting lxc.network.X.ipv{4, 6}[.gateway]

stgraber on Github lxc-bot at linuxcontainers.org
Wed Feb 24 17:27:10 UTC 2016 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 750 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160224/ef772c7c/attachment.bin>
-------------- next part --------------
From 43aad2f61f3b90633d919379ec86b2b1f8f1939b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 24 Feb 2016 12:25:19 -0500
Subject: [PATCH] Allow setting lxc.network.X.ipv{4,6}[.gateway]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is absolutely unsupported (just like anything through raw.lxc) but
when restricted to only numbered interface and only those two keys, this
shouldn't conflict with LXD's one network handling.

Note that finding the right interface index is left to the user to
figure out, LXD doesn't in any way guarantee LXC configuration ordering
to be consistent across restarts.

Closes #1259

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 9983067..08fd352 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -63,13 +63,24 @@ func lxcValidConfig(rawLxc string) error {
 			return fmt.Errorf("Invalid raw.lxc line: %s", line)
 		}
 
+		key := strings.ToLower(strings.Trim(membs[0], " \t"))
+
 		// Blacklist some keys
-		if strings.ToLower(strings.Trim(membs[0], " \t")) == "lxc.logfile" {
+		if key == "lxc.logfile" {
 			return fmt.Errorf("Setting lxc.logfile is not allowed")
 		}
 
-		if strings.HasPrefix(strings.ToLower(strings.Trim(membs[0], " \t")), "lxc.network.") {
-			return fmt.Errorf("Setting lxc.network keys is not allowed")
+		if strings.HasPrefix(key, "lxc.network.") {
+			fields := strings.Split(key, ".")
+			if len(fields) == 4 && shared.StringInSlice(fields[3], []string{"ipv4", "ipv6"}) {
+				continue
+			}
+
+			if len(fields) == 5 && shared.StringInSlice(fields[3], []string{"ipv4", "ipv6"}) && fields[4] == "gateway" {
+				continue
+			}
+
+			return fmt.Errorf("Only interface-specific ipv4/ipv6 lxc.network keys are allowed")
 		}
 	}
 
@@ -675,6 +686,12 @@ func (c *containerLXC) initLXC() error {
 					return err
 				}
 			}
+
+			err = lxcSetConfigItem(cc, "lxc.network.flags", "up")
+			if err != nil {
+				return err
+			}
+
 			if shared.StringInSlice(m["nictype"], []string{"bridged", "physical", "macvlan"}) {
 				err = lxcSetConfigItem(cc, "lxc.network.link", m["parent"])
 				if err != nil {

More information about the lxc-devel mailing list