[lxc-users] iptables-save not working in unprivileged containers?
Fiedler Roman
Roman.Fiedler at ait.ac.at
Mon Nov 9 16:55:50 UTC 2015
> From: Tomasz Chmielewski [mailto:mangoo at wpkg.org]
>
> On 2015-11-10 01:22, Fiedler Roman wrote:
>
> >> # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> >
> > Yes, also here.
> >
> > Compare
> >
> > iptables-save
> >
> > with
> >
> > iptables-save -t filter
> >
> > The latter should work. I think that some special tables cannot be read in
> > unpriv (mangle perhaps).
>
> It seems to behave just like "iptables-save" executed by non-root user
> (in non-container).
Not on this side:
* Normal user:
$ iptables-save -t filter
iptables-save v1.4.21: Cannot initialize: Permission denied (you must be root)
* As root in unpriv container:
# iptables-save -t filter
# Generated by iptables-save v1.4.21 on Mon Nov 9 16:55:27 2015
*filter
:INPUT DROP [0:0]