[lxc-users] Network isolation in unprivileged containers

Akshay Karle akshay.a.karle at gmail.com
Mon Oct 19 18:04:15 UTC 2015


Hello,

I've been looking at ways to isolate the network of each unprivileged
container that I create. I was thinking of putting each container in its
own vlan or creating a macvlan in private mode. I haven't had success with
either. I also tried creating bridges for every container and attaching
veth pairs of the container to them, and after doing this I was still able
to ping the other containers from inside a container.

I did go through some old threads that mentioned that macvlans and vlans
are not available for unprivileged containers. Is this still the case? If
so, has anyone had success with network isolation for each container? Can
you please share ways to achieve this?