[lxc-users] Network isolation in unprivileged containers
Andrey Repin
anrdaemon at yandex.ru
Mon Oct 19 20:36:22 UTC 2015
Greetings, Akshay Karle!
> I've been looking at ways to isolate the network of each unprivileged
> container that I create. I was thinking of putting each container in its
> own vlan or creating a macvlan in private mode. I haven't had success with
> either. I also tried creating bridges for every container and attaching veth
> pairs of the container to them, and after doing this I was still able to
> ping the other containers from inside a container.
It would help to know what level of isolation you're thinking about.
What is the final end goal?
> I did go through some old threads that mentioned that macvlans and vlans
> are not available for unprivileged containers. Is this still the case?
Most likely so.
> If so, has anyone had success with network isolation for each container? Can
> you please share ways to achieve this?
--
With best regards,
Andrey Repin
Monday, October 19, 2015 23:35:24
Sorry for my terrible English...