[lxc-users] iptables-save inside container
Joshua Schaeffer
jschaeffer0922 at gmail.com
Fri Feb 5 18:54:46 UTC 2016
I'm trying to run iptables-save inside a container and it returns nothing
(no results, no error... nothing). I found this thread from 2014 and was
wondering if it is still an issue?
https://lists.linuxcontainers.org/pipermail/lxc-users/2014-November/008094.html
I am running an unprivileged container on LXC 1.1.5 on Debian Jessie. I get
the same results when I run strace on the container:
strace iptables-save 2>&1 | tail
mprotect(0x7f8d26dcf000, 4096, PROT_READ) = 0
mprotect(0x7f8d26fd7000, 4096, PROT_READ) = 0
mprotect(0x613000, 4096, PROT_READ) = 0
mprotect(0x7f8d271f9000, 4096, PROT_READ) = 0
munmap(0x7f8d271f4000, 11305) = 0
brk(0) = 0x263b000
brk(0x265c000) = 0x265c000
open("/proc/net/ip_tables_names", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
exit_group(0) = ?
+++ exited with 0 +++
/proc/net/ip_tables_names is indeed owned by root with restrictive
permissions (440).
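
The failure in the post is silent: iptables-save exits 0 with no output because it cannot open /proc/net/ip_tables_names. The following added example (not part of the original post, and not LXC or iptables code) is a pre-check that separates "no tables" from "cannot read the table list"; the function names and verdict tokens are hypothetical, and the "absent" interpretation is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# table_list_state PATH -> prints readable | denied | absent
table_list_state() {
    if [ ! -e "$1" ]; then
        echo absent
    elif ( : < "$1" ) 2>/dev/null; then   # real open(), as iptables-save does
        echo readable
    else
        echo denied                       # the EACCES case in the strace above
    fi
}

# in_user_namespace [MAPFILE] -> status 0 if uid 0 maps to a non-zero outside uid
in_user_namespace() {
    map=${1:-/proc/self/uid_map}
    [ -r "$map" ] || return 1
    # uid_map columns: uid-inside  uid-outside  range-length
    awk '$1 == 0 && $2 != 0 { found = 1 } END { exit !found }' "$map"
}

# diagnose_empty_save [PROCFILE] [MAPFILE] -> one-line verdict, first word is a token
diagnose_empty_save() {
    case $(table_list_state "${1:-/proc/net/ip_tables_names}") in
        readable)
            echo "ok: table list is readable; empty output means no tables are listed" ;;
        absent)
            # Assumption: the file is missing because no iptables tables are registered here.
            echo "absent: no table list file in this namespace" ;;
        denied)
            if in_user_namespace "${2:-/proc/self/uid_map}"; then
                echo "denied-userns: table list unreadable from a mapped uid 0; empty output is NOT an empty ruleset"
            else
                echo "denied: table list unreadable; empty output is NOT an empty ruleset"
            fi ;;
    esac
}

# With no arguments this checks the live /proc files of the current namespace.
diagnose_empty_save "$@"
```

A job that saves firewall rules from inside a container can run this first and refuse to overwrite the previous dump when the verdict starts with `denied`.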