[lxc-users] Running unprotected system container

Koehler, Yannick yannick.koehler at hpe.com
Wed Jun 17 19:47:51 UTC 2020


Ok you are not helpful, not sure why you are replying.

My os already provides kernel modules and script within init to load them up and that actually works already.  And yes I want those modules loaded by my os in the container and made available to host as well.  I have no issue with that, I am fine with my os container altering the shared kernel aspect.

I am facing an issue where I can’t share eth0/eth1 since lxd is unable to add macvlan, getting “operation not supported” which I am trying to figure out is likely related to my linux kernel options, even though CONFIG_MACVLAN is set to y, likely some other options are missing.

Anyway thanks for your opinion but so far things are very close to working.
On Jun 17, 2020, 9:35 AM -0400, Andrey Repin <anrdaemon at yandex.ru>, wrote:
Greetings, Koehler!

But I do not want kernel virtualization, not sure where you saw me ask for
that, I want the exact opposite, I want the kernel to be shared, meaning same
kernel, same instance, with just layers on top, exactly as system containers do.

Then stop mentioning kernel modules loading. You can't load kernel modules, if
you don't drop to the kernel level.

It is unconventional to run a system container without any security and
such, yet, as seen in the thread I am not alone, but very few.

Load kernel modules on the host and run your applications where they should
run.
Or use proper VM already.


--
With best regards,
Andrey Repin
Wednesday, June 17, 2020 16:23:01

Sorry for my terrible English...
