[lxc-users] Unprivileged networking option?

Serge E. Hallyn serge at hallyn.com
Sat Mar 7 15:09:54 UTC 2020


On Thu, Mar 05, 2020 at 06:46:06PM +0100, Ede Wolf wrote:
> Am 05.03.20 um 03:20 schrieb Serge E. Hallyn:
> > and you currently
> > need a privileged lxc-user-nic to set up network.
> 
> Thanks, as that basically sums up my question, as this lxc-user nic only
> seems to work with a standard bridge.

Currently.  The /etc/lxc/lxc-usernet file was designed to be flexible
enough to one day support other types.  It's just no one has done it
because no one's needed it.

>  Unless I am misinformed, which was
> actually my hope. Or maybe there is something in the making to make this
> lxc-user nic play along with macvlan or ipvlan.

Not yet.

> > By intercepting network connection related syscalls,
> > you can avoid the need for privileged lxc-user-nic.
> 
> This sounds more like a hackish thing, or is this interception part of lxc that
> can be utilized? Any mere mortal compatible documentation on this?

It sounds hackish because it's not nicely wrapped up for you yet.  The
whole container runtime was a hackish thing not much more than 10 years
ago.

> And a correction to my former post: it's ipvlan layer 3, not level 3 of
> course.

