[lxc-users] Unprivileged networking option?
Serge E. Hallyn
serge at hallyn.com
Sat Mar 7 15:09:54 UTC 2020
On Thu, Mar 05, 2020 at 06:46:06PM +0100, Ede Wolf wrote:
> On 05.03.20 at 03:20, Serge E. Hallyn wrote:
> > and you currently
> > need a privileged lxc-user-nic to set up network.
>
> Thanks, as that basically sums up my question, as this lxc-user-nic only
> seems to work with a standard bridge.
Currently. The /etc/lxc/lxc-usernet file was designed to be flexible
enough to one day support other types. It's just no one has done it
because no one's needed it.
> Unless I am misinformed, which was
> actually my hope. Or maybe there is something in the making to make this
> lxc-user-nic play along with macvlan or ipvlan.
Not yet.
> > By intercepting network connection related syscalls,
> > you can avoid the need for privileged lxc-user-nic.
>
> This sounds more like a hackish thing, or is this interception part of lxc that
> can be utilized? Any mere mortal compatible documentation on this?
It sounds hackish because it's not nicely wrapped up for you yet. The
whole container runtime was a hackish thing not much more than 10 years
ago.
> And a correction to my former post: it's ipvlan layer 3, not level 3 of
> course.