[lxc-users] networking and permissions questions
Fajar A. Nugraha
list at fajar.net
Tue Apr 28 03:05:14 UTC 2015
On Tue, Apr 28, 2015 at 6:53 AM, Joe McDonald <ideafilter at gmail.com> wrote:
> 1) Do I need to specify this IP in both the
> config file and the rootfs/etc/network/interfaces file?
> Is there a better way to do this?
IMHO the best way is on container's interfaces file
>
> 2) why does one container (ubsharedweb) show the same IP address twice?
>
try lxc-attach to that container, and do "ip ad li". My guess is
there's some misconfiguration there, which makes it assign the same IP
to multiple interfaces (e.g. eth0 and eth0:1)
> 3) How is user lxcuser able to just take whatever IP's it wants?
> I have: "lxcuser veth lxcbr0 100" in /etc/lxc/lxc-usernet
That's the way bridging works. The same way a computer on your LAN can
use whatever IP it wants on that LAN
> So I'm guessing that is how it can do it, but how can I
> constrain lxcuser to only use IP's within a certain range?
Short version: you can't.
Long version:
There's a workaround that I posted sometime ago, which in essence does
NOT use bridging, but use routing + proxy_arp. However it currently
ONLY works on priviledged container (since it needs persistent veth
name on the host side, which is currently not possible for
unpriviledged containers)
--
Fajar
More information about the lxc-users
mailing list