[lxc-users] named network devices
Fajar A. Nugraha
list at fajar.net
Tue Mar 15 07:17:37 UTC 2016
On Tue, Mar 15, 2016 at 2:08 PM, Mike Wright
<nobody at nospam.hostisimo.com> wrote:
> Hi all,
>
> When using privileged containers I can name an ethernet device that shows up
> in iproute2, brctl, etc.
>
> e.g. lxc.network.veth.pair = myExampleNIC
>
> but when using unprivileged containers the same config option has no effect.
> Is this a bug or intentional?

Intentional. Security concerns, AFAIK.

> Is there a way to name them?

Start your containers as root, i.e. located on /var/lib/lxc. But do
some stuff to make them unprivileged. Example for config file
additions on Ubuntu:

    lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
    lxc.id_map = u 0 1000000 65536
    lxc.id_map = g 0 1000000 65536

Then you also need to shift uids in your container root, e.g. using
fuidshift, available in the lxd-tools package (even if you're not using
lxd).

Another alternative is to not use lxc, but use lxd, which basically
does the above things automatically (lxd containers are root-started
unpriv containers by default).

--
Fajar
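
Added example, not part of the original message: a check that a container rootfs has actually been shifted into the host range named by the lxc.id_map lines above, since files left owned by host uid 0 inside a user-namespaced container are a sign the shift step was skipped. The function names are hypothetical and the sample config is constructed from the lines in the reply.

```python
import os
import sys

# Constructed sample: the config additions quoted in the message above.
SAMPLE_CONFIG = """\
lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
lxc.id_map = u 0 1000000 65536
lxc.id_map = g 0 1000000 65536
"""

def parse_id_maps(config_text):
    """Return {'u': [(container_start, host_start, count)], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "lxc.id_map":
            continue
        fields = value.split()
        if len(fields) != 4 or fields[0] not in maps:
            raise ValueError(f"malformed id_map line: {line!r}")
        maps[fields[0]].append(tuple(int(f) for f in fields[1:]))
    return maps

def to_host_id(container_id, ranges):
    """Host id a container id is mapped to, or None if it is unmapped."""
    for c_start, h_start, count in ranges:
        if c_start <= container_id < c_start + count:
            return h_start + (container_id - c_start)
    return None

def is_shifted(host_id, ranges):
    """True if an on-disk owner id lies inside a mapped host range."""
    return any(h <= host_id < h + n for _, h, n in ranges)

def unshifted_paths(rootfs, maps):
    """Paths under rootfs whose owner uid or gid is outside the mapped ranges."""
    paths = [rootfs]
    for dirpath, dirs, files in os.walk(rootfs):
        paths += [os.path.join(dirpath, n) for n in dirs + files]
    bad = []
    for p in paths:
        st = os.lstat(p)  # lstat: judge a symlink itself, not its target
        if not (is_shifted(st.st_uid, maps["u"]) and is_shifted(st.st_gid, maps["g"])):
            bad.append(p)
    return bad

if __name__ == "__main__":
    maps = parse_id_maps(SAMPLE_CONFIG)
    print("container uid 0 -> host uid", to_host_id(0, maps["u"]))
    # Pass the container's rootfs on the host as the first argument.
    for path in unshifted_paths(sys.argv[1] if len(sys.argv) > 1 else ".", maps):
        print("not shifted:", path)
```

An empty result from unshifted_paths means every file is owned by an id inside the mapped range.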