[lxc-users] iptables-save inside container

Joshua Schaeffer jschaeffer0922 at gmail.com
Fri Feb 5 18:54:46 UTC 2016


I'm trying to run iptables-save inside a container and it returns nothing
(no results, no error... nothing). I found this thread from 2014 and was
wondering if it is still an issue?

https://lists.linuxcontainers.org/pipermail/lxc-users/2014-November/008094.html

I am running an unprivileged container on LXC 1.1.5 on Debian Jessie. I get
the same results when I run strace on the container:

strace iptables-save 2>&1 | tail
mprotect(0x7f8d26dcf000, 4096, PROT_READ) = 0
mprotect(0x7f8d26fd7000, 4096, PROT_READ) = 0
mprotect(0x613000, 4096, PROT_READ)     = 0
mprotect(0x7f8d271f9000, 4096, PROT_READ) = 0
munmap(0x7f8d271f4000, 11305)           = 0
brk(0)                                  = 0x263b000
brk(0x265c000)                          = 0x265c000
open("/proc/net/ip_tables_names", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
exit_group(0)                           = ?
+++ exited with 0 +++

/proc/net/ip_tables_names is indeed owned by root with restrictive
permissions (440).
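
Added example, not part of the original post: the strace above shows iptables-save exiting 0 after open() on /proc/net/ip_tables_names was denied, so an empty result does not by itself mean "no rules". The sketch below classifies that case; the function names are hypothetical, and it assumes the legacy iptables-save behaviour seen in the trace.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are parameters so the
# functions can be exercised against constructed files.

# Print the state of the table-name list that iptables-save opens in the
# strace above: missing | denied | empty | listed
tables_file_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif ! names=$(cat "$1" 2>/dev/null); then
        echo denied                 # open() failed, e.g. EACCES as in the strace
    elif [ -z "$names" ]; then
        echo empty                  # readable, no tables registered
    else
        echo listed
    fi
}

# Succeed when the uid map is not the identity map of the initial user
# namespace ("0 0 4294967295"), i.e. the process runs with remapped uids.
uids_remapped() {
    read -r inside outside count < "$1" || return 1
    [ "$inside $outside $count" != "0 0 4294967295" ]
}

# Combine both checks into one verdict for an empty iptables-save result.
explain_empty_save() {
    state=$(tables_file_state "$1")
    case $state in
        denied)
            if uids_remapped "$2"; then
                echo "unknown: table list unreadable from remapped user namespace"
            else
                echo "unknown: table list unreadable"
            fi ;;
        missing) echo "no-tables: table list file absent" ;;
        empty)   echo "no-tables: table list is empty" ;;
        listed)  echo "tables-present: empty output is unexpected" ;;
    esac
}

# On a real system:
# explain_empty_save /proc/net/ip_tables_names /proc/self/uid_map
```

An "unknown" verdict means the ruleset has to be read from a context that can open the file before anyone treats the empty output as an empty ruleset.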