[lxc-users] tap interface in unprivileged container?
Tycho Andersen
tycho.andersen at canonical.com
Tue Jul 21 22:26:22 UTC 2015
On Tue, Jul 21, 2015 at 09:43:44PM +0200, Dirk Geschke wrote:
> Hi LXC-Users,
>
> > is there an easy way to create/move a tap interface to an unprivileged
> > container?
>
> I think, I found a solution:
>
> # ip tuntap add mode tap tap0
> # ip link set tap0 netns 16077
>
> This creates a tap interface with name tap0, 16077 is the PID of
> the init process in the container. If the container is started
> with this config line
>
> lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
>
> it seems to work. At least, I get a tap0 interface and get no
> further errors, so far...
>
> Is there an easy way to find the PID of the init in the container
> or something else to move the interface to the correct container?
You can get the init pid with $(lxc-info -n $container -H -p).
Tycho
More information about the lxc-users
mailing list