[Lxc-users] Mitigating LXC Container Evasion?

Mauras Olivier oliver.mauras at gmail.com
Wed Aug 3 17:48:04 UTC 2011


Hi Andre,

You're right, it won't work out of the box. Sorry, I forgot the network part.

echo 0.0.0.0/0 @ > /smack/netlabel

This will resolve the problem. Smack supports Netlabel/CIPSO, but honestly I
don't need it, so I allow full access on this side.
You definitely want to check the documentation if you need to fine-tune
network access.


Cheers,
Olivier

On Wed, Aug 3, 2011 at 7:36 PM, Andre Nathan <andre at digirati.com.br> wrote:

> Hi Olivier
>
> On Tue, 2011-08-02 at 12:13 +0200, Mauras Olivier wrote:
> > Here's a practical example:
> > # smack_label.py -w -r /srv/lxc/lxc1 lxc1
> > # echo "lxc1" > /proc/self/attr/current
> > # lxc-start -n lxc1
> > # echo "_" > /proc/self/attr/current
>
> Does networking inside the containers work for you with this setup?
>
> Thanks,
> Andre
>
>
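
An added example, not part of the original thread: the `0.0.0.0/0 @` entry above treats every IPv4 host as carrying Smack's web label `@`, which any subject may access, so a tuned configuration is worth auditing for entries that open that wide. The function name `audit_netlabel`, the `/24` threshold and the sample rules are assumptions made for illustration; the input is the `address[/masklen] label` form that is written to `/smack/netlabel`.

```shell
#!/bin/sh
# Added example (not from the thread): audit Smack netlabel rules given in the
# "address[/masklen] label" form that is written to /smack/netlabel.
# audit_netlabel is a hypothetical helper name.

# audit_netlabel MIN_PREFIX < rules
# Prints "OPEN <cidr> @" for every web-label entry whose prefix is shorter
# than MIN_PREFIX (default 24) and "MALFORMED <entry>" for unparsable lines.
# Returns 0 when there are no findings, 1 otherwise.
audit_netlabel() {
    min_prefix=${1:-24}
    findings=0
    while read -r addr label rest; do
        # Skip blank lines and comments.
        case "$addr" in ''|'#'*) continue ;; esac
        # A bare address is a single host, i.e. a /32.
        case "$addr" in
            */*) prefix=${addr#*/}; addr=${addr%%/*} ;;
            *)   prefix=32 ;;
        esac
        # The mask length must be a number between 0 and 32.
        case "$prefix" in
            ''|*[!0-9]*) echo "MALFORMED $addr/$prefix"
                         findings=$((findings + 1)); continue ;;
        esac
        if [ "$prefix" -gt 32 ] || [ -z "$label" ]; then
            echo "MALFORMED $addr/$prefix"
            findings=$((findings + 1)); continue
        fi
        # "@" on a broad prefix means any label may talk to all those hosts.
        if [ "$label" = "@" ] && [ "$prefix" -lt "$min_prefix" ]; then
            echo "OPEN $addr/$prefix $label"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample rules, not taken from a real host.
SAMPLE_RULES='# constructed sample
0.0.0.0/0 @
10.0.3.0/24 lxc1
192.168.1.10 @'

# Prints: OPEN 0.0.0.0/0 @
printf '%s\n' "$SAMPLE_RULES" | audit_netlabel 24 || true
```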