[Lxc-users] Network interface isolation
jeetu.golani at gmail.com
jeetu.golani at gmail.com
Mon May 14 14:00:56 UTC 2012
Hi guys,
I'm admittedly quite new to LXC therefore forgive me if this is
expected behaviour and/or has been documented/discussed here before.
I've been toying with using lxc as a sandboxing mechanism (process and
filesystem mainly) in my open source (GPLv3) project eBrainPool.
I created a barebone debian container as a test bed using the following command:
lxc-create -n myfirstcontainer -t debian
My host system has two network cards - eth0 and eth2. I have not setup
any bridge device atm. My container simply has an eth0 device which
gets configured via DHCP. There is no other device mentioned in
/etc/network/interfaces.
While booting the container, it tries to get eth0 configured via DHCP
and fails as expected. However ifconfig shows me another eth2 device
in the container. This has the same ip address as the eth2 on the
host.
Furthermore, I can bring down the eth2 from the container and have it
effect the eth2 on the host. Similarly bringing down the interface in
the host affects the container.
I can also ping to the internet (via eth2) in the container.
All of this is done without any explicit network settings in the
config file created by lxc-create. I'll try and copy paste contents of
my config file just as soon as the internet on my device with the
container becomes functional. I may have missed something however from
what I can see there are no network related options and it seems to be
a bare bone config file created by lxc-create, though of course as I
said I may have missed something.
Also, lxc-checkconfig does show that my kernel (debian testing with
kernel 3.1.x) does have the network namespace enabled.
I would appreciate if someone could shed light as to if this is normal
and expected behaviour and if so how could I bring about network
isolation within my container.
Thank you so much :)
Regards,
Jeetu
ebrain.in | Beehive Computing
Discover and run software from devices around you - share your
software and computing resources. A GPLv3 licensed project.
More information about the lxc-users
mailing list