Just to add to this discussion for the benefit of someone else that runs into a similar issue. Tried the following:

>> lxc.network.type = phys
>> lxc.network.link = eth0

This resulted in the container failing to start with:

lxc-start: failed to move 'eth0' to the container : Message too long
lxc-start: failed to create the configured network
lxc-start: failed to spawn 'test1'
lxc-start: Device or resource busy - failed to remove cgroup '/var/local/cgroup/test1'

As per a previous thread here
http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg00249.html
changed to lxc.network.type = macvlan

it all works well now :)....and as Matthijs suggests this now provides network isolation and a single network interface eth0 in the container.

Am sure there is a very good reason though I'm still not clear as to why the default action for the container is to share the network stack of the host in the absence of explicit specification in the config file. Could someone please point me to a discussion on this just so I can get a better understanding of lxc design decisions.

Are there other similar instances where I should make specific mention in the config file in order to prevent accidental and inadvertent sharing of resources between host and container?

Thanks again Matthijs and everyone here for all your help :)

Bye for now
Jeetu
ebrain.in | Beehive Computing
Discover and run software from devices around you - share your software and computing resources. A GPLv3 licensed project.

On Mon, May 14, 2012 at 8:44 PM, jeetu.gol...@gmail.com <jeetu.gol...@gmail.com> wrote:
> Thanks so much Matthijs :)....truly appreciate the help :)....will try
> this out :)
>
> Regards,
> Jeetu
> ebrain.in | Beehive Computing
> Discover and run software from devices around you - share your
> software and computing resources. A GPLv3 licensed project.
>
> On Mon, May 14, 2012 at 8:07 PM, Matthijs Kooijman <matth...@stdin.nl> wrote:
>> Hi Jeetu,
>>
>>> I would appreciate if someone could shed light as to if this is normal
>>> and expected behaviour and if so how could I bring about network
>>> isolation within my container.
>> AFAIU, this is normal: If you don't configure any networks within the
>> lxc config file, no network isolation happens and the container shares
>> the same network stack as the host.
>>
>> So it should be sufficient to just add network configuration. For
>> example, to give the container access to (just) the eth0 device:
>>
>>   lxc.network.type = phys
>>   lxc.network.link = eth0
>>
>> I think these should be sufficient (not using this configuration myself,
>> though).
>>
>> Gr.
>>
>> Matthijs

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
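
The behaviour discussed in this thread (a config file with no network section leaves the container on the host's network stack) can be checked before a container is started. The following is an added example, not part of the original messages and not LXC project code; the sample configs are constructed, and the handling of the lxc.net.N.type key spelling and of the "none" type reflects later LXC releases rather than anything stated in the thread.

```python
import re
import sys

# Constructed sample configs for illustration (not taken from the thread).
NO_NETWORK = """\
lxc.utsname = test1
lxc.rootfs = /var/lib/lxc/test1/rootfs
"""
MACVLAN = """\
lxc.utsname = test1
lxc.network.type = macvlan
lxc.network.link = eth0
"""

# Matches the key used in the thread (lxc.network.type) and the
# lxc.net.N.type spelling used by LXC 2.1 and later.
TYPE_KEY = re.compile(r"^lxc\.(?:network|net\.\d+)\.type$")

def network_types(config_text):
    """Return every network type declared in one LXC config file."""
    types = []
    for raw in config_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and anything that is not key = value.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if TYPE_KEY.match(key):
            types.append(value.lower())
    return types

def audit(config_text):
    """Return (verdict, reason); included files are not followed."""
    types = network_types(config_text)
    if not types:
        return "shared-host-netns", "no network type configured"
    if "none" in types:
        return "shared-host-netns", "type 'none' keeps the host namespace"
    return "isolated", "types: " + ", ".join(types)

if __name__ == "__main__":
    # Usage: python audit_lxc_net.py /path/to/container/config ...
    for path in sys.argv[1:]:
        with open(path) as fh:
            verdict, reason = audit(fh.read())
        print(f"{path}: {verdict} ({reason})")
```

A "shared-host-netns" verdict means the container would see the host's interfaces and listening sockets, which is the situation the original question describes.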