Your message dated Sat, 13 Oct 2012 03:58:00 +0200
with message-id <[email protected]>
and subject line Re: Bug#690335: lxc network namespace isolation is not done
has caused the Debian Bug report #690335,
regarding lxc network namespace isolation is not done
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
690335: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690335
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lxc
Version: 0.7.2-1
Severity: important

When using the following lxc configuration the container's network
namespace is not isolated.

/etc/lxc/kilou.conf
-----------------
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
 
# mounts point
lxc.mount.entry=proc /var/lib/lxc/kilou/rootfs/proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry=devpts /var/lib/lxc/kilou/rootfs/dev/pts devpts defaults 0 0
lxc.mount.entry=sysfs /var/lib/lxc/kilou/rootfs/sys sysfs defaults  0 0

lxc.utsname = kilou
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
#lxc.network.name = eth0
lxc.network.hwaddr = 00:48:32:78:72:01
lxc.network.ipv4 = 192.168.56.2
--------------------
host /etc/network/interface
auto br0
iface br0 inet static
    address 192.168.56.1
    netmask 255.255.255.0
    network 192.168.56.0
    broadcast 192.168.56.255
    bridge_ports none
    bridge_fd 0
    bridge_maxwait 0
---------------------
container /etc/network/interface
auto eth0
iface eth0 inet static
    address 192.168.56.2
    netmask 255.255.225.0
    network 192.168.56.0
    broadcast 192.168.56.255
------------------------

#lxc-start -n kilou -d

As a result the host eth0 IP is changed to 192.168.56.2
and the full host netstat appears when doing
lxc-netstat -n kilou.
Also, no traffic from the kilou container appears when
sniffing br0; it seems to come from the host.


-- System Information:
Debian Release: 6.0.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lxc depends on:
ii  libc6                         2.11.3-4   Embedded GNU C Library: Shared lib
ii  libcap2                       1:2.19-3   support for getting/setting POSIX.

Versions of packages lxc recommends:
ii  libcap2-bin                   1:2.19-3   basic utility programs for using c

lxc suggests no packages.

-- Configuration Files:
/etc/default/lxc changed:
RUN=yes
CONF_DIR=/etc/lxc
CONTAINERS="kilou"


-- no debconf information

--- End Message ---
--- Begin Message ---
On 10/13/2012 12:11 AM, Benoît Canet wrote:
> When using the following lxc configuration the container's network
> namespace is not isolated.

You'll need to use a current kernel and current lxc for this, e.g. what's
available in sid.

-- 
Address:        Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:          [email protected]
Internet:       http://people.progress-technologies.net/~daniel.baumann/

--- End Message ---
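
An added example, not part of the bug report or of lxc itself: one way to confirm from the host whether a container's init process really has its own network namespace, by comparing namespace identifiers under /proc. It assumes a kernel that exposes /proc/<pid>/ns/ (Linux 3.0 and later, so the reporter's 2.6.32 kernel would yield "unknown"); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): does a container process share the
# host's network namespace? Assumes /proc/<pid>/ns/ exists (Linux 3.0+; the
# entries are symlinks since 3.8) and enough privilege to read it (root).

# ns_id PROC_ROOT PID TYPE: print the namespace identifier, e.g. net:[4026531956]
ns_id() {
    link="$1/$2/ns/$3"
    [ -L "$link" ] || return 1      # missing on old kernels or unreadable
    readlink "$link"
}

# netns_status CONTAINER_PID [HOST_PID] [PROC_ROOT]
# Prints isolated, shared or unknown; exit status 0, 1 or 2 respectively.
netns_status() {
    cpid="$1"; hpid="${2:-1}"; root="${3:-/proc}"
    host=$(ns_id "$root" "$hpid" net) || { echo unknown; return 2; }
    cont=$(ns_id "$root" "$cpid" net) || { echo unknown; return 2; }
    if [ "$host" = "$cont" ]; then
        echo shared                 # the symptom reported in this bug
        return 1
    fi
    echo isolated
}

# make_sample_proc DIR: constructed stand-in for /proc (inode numbers invented)
make_sample_proc() {
    mkdir -p "$1/1/ns" "$1/4242/ns" "$1/4343/ns" "$1/5000"
    ln -s 'net:[4026531956]' "$1/1/ns/net"      # host init
    ln -s 'net:[4026531956]' "$1/4242/ns/net"   # container init, not isolated
    ln -s 'net:[4026532201]' "$1/4343/ns/net"   # container init, isolated
}                                               # 5000: no ns/ entry at all
```

On a real host, call `netns_status` with the PID of the container's init as seen from the host; a result of "shared" means the container is operating on the host's interfaces.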
