Your message dated Sat, 13 Oct 2012 03:58:00 +0200 with message-id <[email protected]> and subject line Re: Bug#690335: lxc network namespace isolation is not done has caused the Debian Bug report #690335, regarding lxc network namespace isolation is not done to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
690335: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690335
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lxc
Version: 0.7.2-1
Severity: important

When using the following lxc configuration the container's network namespace is not isolated.

/etc/lxc/kilou.conf
-----------------
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
# mounts point
lxc.mount.entry=proc /var/lib/lxc/kilou/rootfs/proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry=devpts /var/lib/lxc/kilou/rootfs/dev/pts devpts defaults 0 0
lxc.mount.entry=sysfs /var/lib/lxc/kilou/rootfs/sys sysfs defaults 0 0
lxc.utsname = kilou
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
#lxc.network.name = eth0
lxc.network.hwaddr = 00:48:32:78:72:01
lxc.network.ipv4 = 192.168.56.2
--------------------
host /etc/network/interface

auto br0
iface br0 inet static
    address 192.168.56.1
    netmask 255.255.255.0
    network 192.168.56.0
    broadcast 192.168.56.255
    bridge_ports none
    bridge_fd 0
    bridge_maxwait 0
---------------------
container /etc/network/interface

auto eth0
iface eth0 inet static
    address 192.168.56.2
    netmask 255.255.225.0
    network 192.168.56.0
    broadcast 192.168.56.255
------------------------
#lxc-start -n kilou -d

As a result the host eth0 IP is changed to 192.168.56.2 and the full host netstats appears when doing lxc-netstat -n kilou.
Also, no traffic from the kilou container appears when sniffing br0; it seems to come from the host.

-- System Information:
Debian Release: 6.0.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lxc depends on:
ii  libc6        2.11.3-4   Embedded GNU C Library: Shared lib
ii  libcap2      1:2.19-3   support for getting/setting POSIX.

Versions of packages lxc recommends:
ii  libcap2-bin  1:2.19-3   basic utility programs for using c

lxc suggests no packages.

-- Configuration Files:
/etc/default/lxc changed:
RUN=yes
CONF_DIR=/etc/lxc
CONTAINERS="kilou"

-- no debconf information
--- End Message ---
--- Begin Message ---
On 10/13/2012 12:11 AM, Benoît Canet wrote:
> When using the following lxc configuration the container's network
> namespace is not isolated.

you'll need to use current kernel and current lxc for this, e.g. what's
available in sid.

--
Address: Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email: [email protected]
Internet: http://people.progress-technologies.net/~daniel.baumann/
--- End Message ---
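
The symptom reported in this thread, a container process sharing the host's network namespace, can be checked directly on kernels that expose /proc/<pid>/ns/net. The script below is an added example, not part of the bug report or of lxc; the proc-root argument, the sample PIDs and the namespace numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report: decide whether a process shares the
# host's network namespace by comparing /proc/<pid>/ns/net with PID 1's.
# The second argument (proc root) is a hypothetical override for testing.

# Print the namespace identifier of a PID, e.g. "net:[4026531956]".
# The ns/net entries are symlinks only on Linux 3.8 and later; on older
# kernels readlink prints nothing and the caller reports "unknown".
netns_id() {
    readlink "${2:-/proc}/$1/ns/net" 2>/dev/null || true
}

# Print "isolated", "shared" or "unknown" for PID $1.
netns_status() {
    host_ns=$(netns_id 1 "${2:-/proc}")
    proc_ns=$(netns_id "$1" "${2:-/proc}")
    if [ -z "$host_ns" ] || [ -z "$proc_ns" ]; then
        echo unknown
    elif [ "$host_ns" = "$proc_ns" ]; then
        echo shared
    else
        echo isolated
    fi
}

# Build a constructed /proc-like tree: PID 1 (host), PID 2001 in the host
# namespace (the symptom reported here), PID 2002 in its own namespace,
# PID 2003 without an ns directory (as on an old kernel).
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/1/ns" "$d/2001/ns" "$d/2002/ns" "$d/2003"
    ln -s 'net:[4026531956]' "$d/1/ns/net"
    ln -s 'net:[4026531956]' "$d/2001/ns/net"
    ln -s 'net:[4026532280]' "$d/2002/ns/net"
    echo "$d"
}

# Usage: sh netns_check.sh <pid>   (run as root to read other users' processes)
if [ $# -gt 0 ]; then
    netns_status "$1"
fi
```

A result of "shared" for the container's init process corresponds to the behaviour described in the report; "unknown" means the kernel does not expose the namespace links and the check cannot decide.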

