Package: lxc
Version: 0.7.2-1
Severity: important

When using the following lxc configuration, the container's network
namespace is not isolated.

/etc/lxc/kilou.conf
-----------------
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
 
# mounts point
lxc.mount.entry=proc /var/lib/lxc/kilou/rootfs/proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry=devpts /var/lib/lxc/kilou/rootfs/dev/pts devpts defaults 0 0
lxc.mount.entry=sysfs /var/lib/lxc/kilou/rootfs/sys sysfs defaults  0 0

lxc.utsname = kilou
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
#lxc.network.name = eth0
lxc.network.hwaddr = 00:48:32:78:72:01
lxc.network.ipv4 = 192.168.56.2
--------------------
host /etc/network/interface
auto br0
iface br0 inet static
    address 192.168.56.1
    netmask 255.255.255.0
    network 192.168.56.0
    broadcast 192.168.56.255
    bridge_ports none
    bridge_fd 0
    bridge_maxwait 0
---------------------
container /etc/network/interface
auto eth0
iface eth0 inet static
    address 192.168.56.2
    netmask 255.255.225.0
    network 192.168.56.0
    broadcast 192.168.56.255
------------------------

#lxc-start -n kilou -d

As a result, the host eth0 IP is changed to 192.168.56.2
and the full host netstats appear when doing
lxc-netstat -n kilou.
Also, no traffic from the kilou container appears when
sniffing br0; it seems to come from the host.


-- System Information:
Debian Release: 6.0.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lxc depends on:
ii  libc6                         2.11.3-4   Embedded GNU C Library: Shared lib
ii  libcap2                       1:2.19-3   support for getting/setting POSIX.

Versions of packages lxc recommends:
ii  libcap2-bin                   1:2.19-3   basic utility programs for using c

lxc suggests no packages.

-- Configuration Files:
/etc/default/lxc changed:
RUN=yes
CONF_DIR=/etc/lxc
CONTAINERS="kilou"


-- no debconf information

