[Lxc-users] /proc/sys/net/bridge missing from containers

Serge Hallyn serge.hallyn at canonical.com
Wed Feb 6 15:22:02 UTC 2013


Quoting Ivan Vilata i Balaguer (ivan at selidor.net):
> Hi everyone,
> 
> I'm using lxc 0.9.0 alpha 2 on a 3.7 kernel under Debian (experimental
> kernel), and I've noticed that some files and directories under
> `/proc/sys/net` simply don't appear in my container.  Particularly
> `/proc/sys/net/bridge` (which exists in the host) is missing, and I need
> to change some of its files in the container.
> 
> (In the 3.2 kernel the files were present, but they were those of the
> host and changing them altered their value in the host too.)
> 
> Is it expected that these entries are missing?  Is there any way of
> bringing them back?
> 
> I can provide more information if needed.  Thanks a lot!

This looks simply like a missing feature in the kernel.  If you
look at net/bridge/br_netfilter.c:br_netfilter_init(), it is
specifically only sticking net/bridge onto init_net (and only
being called, it seems, at bridge.ko modprobe time).  And the
values are not handled per-namespace in brnf_sysctl_call_tables().

If you need this feature, your best bet would be to submit a patch
to implement per-netns net/bridge sysctls.  Second best bet would
be to mention your need for it on netdev + linux-kernel mailing lists.

-serge
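The practical question behind the thread is whether a given /proc/sys/net entry is evaluated per network namespace (so a container's write stays in the container) or is a single host-wide value that the container can change, which is what the 3.2 behaviour described above amounts to. The script below is an added illustration, not code from the thread or from lxc: it writes a flipped value to the sysctl from inside a fresh network namespace created with `unshare -n` and checks whether the parent's view changed. It assumes root, a working `unshare` from util-linux, and that the bridge module is loaded if you point it at /proc/sys/net/bridge/bridge-nf-call-iptables (the path used in the usage line is my choice of example, not one named in the thread).

```shell
#!/bin/sh
# Added example (not from the lxc-users thread): classify a sysctl under
# /proc/sys/net as per-netns or shared with the host by writing to it from a
# child network namespace and re-reading it from the parent.
# Requirements: root, `unshare -n` permitted (CAP_SYS_ADMIN), the relevant
# module loaded so the file exists at all.

# Flip a 0/1 sysctl value; anything else is returned unchanged.
flip_value() {
    case "$1" in
        0) echo 1 ;;
        1) echo 0 ;;
        *) echo "$1" ;;
    esac
}

# Print exactly one of: missing | per-netns | shared | unavailable
#   $1 = full sysctl path, e.g. /proc/sys/net/bridge/bridge-nf-call-iptables
# The kernel resolves /proc/sys/net against the *opening* process's network
# namespace, so a write done under `unshare -n` lands in the new namespace
# for namespaced sysctls and in the single global table for unnamespaced ones.
netns_sysctl_scope() {
    path=$1
    [ -e "$path" ] || { echo missing; return 0; }
    if [ "$(id -u)" -ne 0 ] || ! unshare -n true 2>/dev/null; then
        echo unavailable
        return 0
    fi
    before=$(cat "$path")
    new=$(flip_value "$before")
    if [ "$new" = "$before" ]; then
        # Not a 0/1 knob; refuse to guess at a safe alternative value.
        echo unavailable
        return 0
    fi
    # The child namespace (and any per-netns value set in it) disappears with
    # the child process, so a per-netns sysctl needs no cleanup.
    if ! unshare -n sh -c "echo '$new' > '$path'" 2>/dev/null; then
        echo unavailable      # e.g. /proc/sys mounted read-only in this container
        return 0
    fi
    after=$(cat "$path")
    if [ "$after" = "$before" ]; then
        echo per-netns
    else
        # The write from the child was visible here: host-wide value. Undo it.
        echo "$before" > "$path"
        echo shared
    fi
}

# Usage: sh netns_sysctl_scope.sh /proc/sys/net/bridge/bridge-nf-call-iptables
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(netns_sysctl_scope "$p")"
done
```

Run it on the host against the bridge sysctls you care about: "shared" is the situation to worry about when a container is allowed to write /proc/sys/net, since anything it sets there is the host's value; "missing" matches what the original poster saw on 3.7, where the bridge directory is only registered for the initial namespace; "unavailable" means the check itself could not be performed (not root, no namespace privileges, or a read-only /proc/sys) rather than a verdict about the kernel.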
