Quoting Fajar A. Nugraha (l...@fajar.net):
> On Fri, Jun 26, 2015 at 8:20 PM, Benoit GEORGELIN - Association
> Web4all <benoit.george...@web4all.fr> wrote:
> > Hi Fajar,
> >
> > If the container has this setting
> >
> > lxc.network.type = veth
> > lxc.network.flags = up
> > lxc.network.hwaddr = 00:16:3e:2e:51:17
> > lxc.network.veth.pair = veth-cont1-0
> > lxc.network.ipv4 = 209.126.100.172/32
> > lxc.network.ipv4.gateway = 10.0.0.1
> >
> >
> > And the root user in the container changes the file /etc/network/interfaces
> > to something else than
> >
> > iface eth0 inet manual
> >
> > Will the container configuration still be the one used, or will the new IP
> > address configured in the container be talking to the network through
> > the veth?
> 
> 
> The container config lines above make lxc-start configure the necessary
> IP and routes. If the container has its own configuration, it will
> override the currently active IP/routes.
> 
> If the container root user changes its configuration (e.g.
> /etc/network/interfaces) to use the SAME IP/routes (like in my
> previous link), it would obviously still work.
> 
> If the container root user changes it to use another container's (e.g.
> container B's) IP address, then AFAIK the host will simply ignore it.
> At least that's what happens in my tests.

If you really want to have the container not change its networking, I suppose
you could either not grant it CAP_NET_ADMIN, or you could create a network
namespace for the container, set it up, and then run the container inside
that with 'lxc.network.type = none' in the container configuration.

Otherwise, using ebtables/iptables to lock the container's veth to its MAC
and IP seems the best way.  It may be worth adding a new network_up hook
which is sent the names of the host-side NICs, and run from the host
network namespace (obviously requiring root), to easily script setting these.
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
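The ebtables/iptables locking suggested in the reply above, as an added example that is not part of the thread: a host-side script that pins the container's veth to the MAC and IPv4 address from the quoted config. It assumes the host-side veth (`veth-cont1-0`) is attached to a Linux bridge so frames traverse the ebtables FORWARD chain, and that the `apply` mode is run as root on the host (for instance from a network hook once the veth exists).

```shell
#!/bin/sh
# Added example, not code from the thread. Pins a container's host-side veth to
# its assigned MAC and IPv4 address so a root user inside the container cannot
# spoof another container's address. Assumes the veth sits on a Linux bridge and
# that "apply" runs as root on the host. Values are the ones quoted in the thread.
VETH=veth-cont1-0
MAC=00:16:3e:2e:51:17
IP=209.126.100.172

# Emit the rules for one veth instead of applying them directly, so they can be
# reviewed (or checked in a test) before being handed to a root shell.
build_rules() {
    veth=$1; mac=$2; ip=$3
    # Layer 2: drop frames entering from the veth whose source MAC is not the assigned one.
    echo "ebtables -A FORWARD -i $veth -s ! $mac -j DROP"
    # IPv4 inside the bridge: drop frames from the veth carrying a foreign source address.
    echo "ebtables -A FORWARD -i $veth -p IPv4 --ip-src ! $ip -j DROP"
    # ARP: stop the container claiming another address (e.g. container B's) in ARP traffic.
    echo "ebtables -A FORWARD -i $veth -p ARP --arp-ip-src ! $ip -j DROP"
    # Netfilter layer as well, for bridged-in packets the host goes on to route.
    echo "iptables -A FORWARD -m physdev --physdev-in $veth ! -s $ip -j DROP"
}

# Number of rules produced for a veth; a quick sanity check before applying.
rule_count() {
    build_rules "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Run each generated rule; stop at the first failure so a half-applied lock is noticed.
apply_rules() {
    build_rules "$1" "$2" "$3" | while read -r cmd; do
        $cmd || { echo "failed: $cmd" >&2; return 1; }
    done
}

# "./veth-lock.sh apply" installs the rules (root); with no argument it only prints them.
if [ "${1:-}" = "apply" ]; then
    apply_rules "$VETH" "$MAC" "$IP"
else
    build_rules "$VETH" "$MAC" "$IP"
fi
```

With no argument the script only prints the four rules, which is the safe way to check them against the container's lxc.network.* values before installing them.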