[lxc-users] LXC - Best way to avoid networking changes in a container
Benoit GEORGELIN - Association Web4all
benoit.georgelin at web4all.fr
Fri Jun 26 13:31:09 UTC 2015
thanks for the link.
I will consider this option too. This should be an interesting configuration.
I'm surprise there isn't many talks about it .
Cordialement,
----- Mail original -----
De: "gustavo panizzo (gfa)" <gfa at zumbi.com.ar>
À: "lxc-users" <lxc-users at lists.linuxcontainers.org>, "Benoit GEORGELIN - Association Web4all" <benoit.georgelin at web4all.fr>
Envoyé: Vendredi 26 Juin 2015 09:23:49
Objet: Re: [lxc-users] LXC - Best way to avoid networking changes in a container
you can configure openvswitch to drop the pkts if the mac address and/or
ip does not match. or you can use an SDN controller which will do it for
you
http://openvswitch.org/pipermail/discuss/2011-May/005112.html for an
example how to do it manually
On June 26, 2015 11:59:04 AM GMT+08:00, Benoit GEORGELIN - Association Web4all <benoit.georgelin at web4all.fr> wrote:
Hi,
I'm looking to avoid network changes in an LXC container with root access while the system is up and running.
Let's say I have two containers running.
A: 192.168.0.100/24
B: 192.168.0.200/24
They are both on the same private network but it can be a public network too.
How can I prevent root user from container B to change his IP address and user the IP address of container A ?
Container network is built on top of Ovs Switch . Maybe there is a way to restrict MAC Address and IP for a specific port ? I did not see any option.
Thanks for you advises !
Cordialement,
Benoit G
lxc-users mailing list
lxc-users at lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
--
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333
Sent from mobile.
More information about the lxc-users
mailing list