[Lxc-users] Making LXC accept an already open network interface—or other options

[David Serrano]

Hi,

At $work we're currently using KVM and setting it up so that it uses a
previously opened TAP interface: 'kvm -net tap,fd=3'. This way, we are
able to create the interface a set up a couple of ebtables filters on
it before going on. Now, we would like to do the same with LXC.

After taking a look to the documentation I don't think LXC is able to
get the interface from a given FD, so I guess I should look for a
workaround. I see there's a message in the LXC log that says
«instanciated veth 'vethC1zCUS/vethtCn0zY'» but the relevant container
doesn't appear in the same line. Yes it's in the previous line but
relying on that is prone to race conditions. Moreover, reading from a
debug log isn't elegant at all...

Do I have other options I haven't considered?

Thank you,


--
David Serrano