[lxc-users] Full network device access in the container
Piotr R
tytus64 at gmail.com
Wed Jan 15 17:26:12 UTC 2014
Sorry for not including lxc version. I am running lxc on Red Hat 6.4:
# rpm -qa | grep lxc
lxc-libs-0.9.0-2.el6.x86_64
lxc-0.9.0-2.el6.x86_64
When I used none for network type I got the following error:
lxc-start: invalid network type none
lxc-start: failed to read configuration file
So I presume I should just remove all lxc.network statements from my config
file to get it working.
Thanks,
Piotr
Piotr
On Wed, Jan 15, 2014 at 12:11 PM, Serge Hallyn <serge.hallyn at ubuntu.com>wrote:
> Quoting Piotr R (tytus64 at gmail.com):
> > I seem to remember reading somewhere that I can expose all the host
> network
> > devices to a container by removing all network configuration in my lxc
> > config file. Is this correct?
>
> that depends now on your lxc version. That used to be the case until
> pretty recently, but it is a dangerous default because your container's
> init is then talking in the same abstract unix socket ns as the host.
> Which means 'halt' in the container (at least in rhel or ubuntu) can halt
> your host.
>
> With new enough lxc you may have to have a
>
> lxc.network.type = none
>
> entry in lxc.conf.
>
> This incidentally requires an update to lxc.conf manpage... Adding that
> now.
>
> -serge
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140115/6b52f914/attachment.html>
More information about the lxc-users
mailing list