[lxc-users] Full network device access in the container
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Jan 15 17:11:33 UTC 2014
Quoting Piotr R (tytus64 at gmail.com):
> I seem to remember reading somewhere that I can expose all the host network
> devices to a container by removing all network configuration in my lxc
> config file. Is this correct?
That depends now on your lxc version. That used to be the case until
pretty recently, but it is a dangerous default because your container's
init is then talking in the same abstract unix socket ns as the host.
Which means 'halt' in the container (at least in rhel or ubuntu) can halt
your host.
With new enough lxc you may have to have a

    lxc.network.type = none

entry in lxc.conf.
This incidentally requires an update to lxc.conf manpage... Adding that
now.
-serge
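
An added example, not part of the original message or of lxc itself: a small Python check that sorts LXC configs into the three cases discussed above (no network lines at all, an explicit `lxc.network.type = none`, or a configured interface type). The function names, verdict strings and sample configs are constructed for illustration, and the list of other interface types is assumed from lxc.conf(5).

```python
# Added example: audit an LXC config for host network namespace sharing.
# Assumption: interface type names are those documented in lxc.conf(5).
OWN_NETNS_TYPES = {"empty", "veth", "vlan", "macvlan", "phys"}

def network_types(config_text):
    """Collect every lxc.network.type value, ignoring comments and blanks."""
    found = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.network.type":
            found.append(value.lower())
    return found

def classify(config_text):
    """Return a verdict string for one container config."""
    types = network_types(config_text)
    if not types:
        # Per the message: older lxc exposes the host's devices here, while
        # newer lxc may need an explicit "none", so the result varies.
        return "version-dependent"
    if "none" in types:
        # Explicit request to stay in the host's network namespace, which
        # also shares the abstract unix socket namespace with host init.
        return "shares-host-netns"
    if all(t in OWN_NETNS_TYPES for t in types):
        return "own-netns"
    return "unrecognised-type"

# Constructed sample configs (not taken from any real system).
SAMPLES = {
    "no-network-lines": "lxc.utsname = c1\nlxc.rootfs = /var/lib/lxc/c1/rootfs\n",
    "explicit-none": "lxc.utsname = c2\n# share host devices\nlxc.network.type = none\n",
    "veth-bridge": "lxc.utsname = c3\nlxc.network.type = veth\nlxc.network.link = lxcbr0\n",
}

def audit(samples):
    """Map each sample name to its verdict."""
    return {name: classify(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```

Configs reported as `shares-host-netns` or `version-dependent` are the ones to review for the host-halt exposure described in the message.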