[Lxc-users] Mitigating LXC Container Evasion?

Michael H. Warfield mhw at WittsEnd.com
Wed Aug 3 21:52:54 UTC 2011


On Wed, 2011-08-03 at 17:41 -0300, Andre Nathan wrote: 
> Hi Olivier
> 
> On Wed, 2011-08-03 at 19:48 +0200, Mauras Olivier wrote:
> > You're true it won't work out of the box, sorry i forgot the network
> > part.
> > 
> > echo 0.0.0.0/0 @      > /smack/netlabel
> 

> Apparently this doesn't support IPv6... do you happen to know of a
> workaround?

That's v4 syntax.  Does it not work at all?  Did you try this:

echo ::/0 @ > /smack/netlabel

Not having tried this myself at all, I'm just asking.  If it doesn't
work, that needs to be fixed but it's a SMACK bug.

> Thanks again,
> Andre

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20110803/5a4376fd/attachment.pgp>


More information about the lxc-users mailing list