Hi Serge,
>
> the devices cgroup only prevents access to block and character device
> nodes in the filesystem. (i.e. /dev/loop0 which is block maj 7 minor 0)
>
>
> Plenty. Containers are not root-secure. See
> https://wiki.ubuntu.com/LxcSecurity for starters.
>
Awesome :)thanks so much :)
Quoting jeetu.gol...@gmail.com (jeetu.gol...@gmail.com):
> Hi Serge,
>
> Thanks for taking the time :)
>
> >
> > Note you can of course just add the network lines to this file by
> > yourself, you don't have to create a whole new container right now :)
> >
>
> > No, the automatic use of a syst
Hi Serge,
Thanks for taking the time :)
>
> Note you can of course just add the network lines to this file by
> yourself, you don't have to create a whole new container right now :)
>
> No, the automatic use of a system lxc.conf is just an ubuntu thing. Can't
> really go upstream because it's
Quoting jeetu.gol...@gmail.com (jeetu.gol...@gmail.com):
> Hi Fajar,
>
> Thanks again for taking the time to reply :)
>
> I'm using Debian testing with lxc version 0.8.0~rc1-4. It's possible
> I'm using an outdated version of lxc.
>
> > In Ubuntu host at least, AFAIK using lxc templates will inc
Hi Fajar,
Thanks again for taking the time to reply :)
I'm using Debian testing with lxc version 0.8.0~rc1-4. It's possible
I'm using an outdated version of lxc.
> In Ubuntu host at least, AFAIK using lxc templates will include
> network configuration from /etc/lxc/lxc.conf, which includes these
On Tue, May 15, 2012 at 10:22 AM, jeetu.gol...@gmail.com
wrote:
> Hi Fajar,
>
> Thanks for your response.
>
> I used the debian template and the config file does not (as far as I
> can tell) have any network related stanzas. Unfortunately this default
> behaviour lead to the network stack being sh
Hi Fajar,
Thanks for your response.
I used the debian template and the config file does not (as far as I
can tell) have any network related stanzas. Unfortunately this default
behaviour lead to the network stack being shared between the host and
the container as pointed out by Matthijs.
Therefor
On Mon, May 14, 2012 at 11:48 PM, jeetu.gol...@gmail.com
wrote:
> Are there other similar instances where I should make specific mention
> in the config file in order to prevent accidental and inadvertent
> sharing of resources between host and container?
Try creating a container using templates
Just to add to this discussion for the benefit of someone else that
runs into a similar issue. Tried the following :
>> lxc.network.type = phys
>> lxc.network.link = eth0
This resulted in the container failing to start with :
lxc-start: failed to move 'eth0' to the container : Message too long
l
Thanks so much Matthijs :)truly appreciate the help :)will try
this out :)
Regards,
Jeetu
ebrain.in | Beehive Computing
Discover and run software from devices around you - share your
software and computing resources. A GPLv3 licensed project.
On Mon, May 14, 2012 at 8:07 PM, Matthijs Koo
Hi Jeetu,
> I would appreciate if someone could shed light as to if this is normal
> and expected behaviour and if so how could I bring about network
> isolation within my container.
AFAIU, this is normal: If you don't configure any networks within the
lxc config file, no network isolation happens
Hi guys,
I'm admittedly quite new to LXC therefore forgive me if this is
expected behaviour and/or has been documented/discussed here before.
I've been toying with using lxc as a sandboxing mechanism (process and
filesystem mainly) in my open source (GPLv3) project eBrainPool.
I created a barebon
12 matches
Mail list logo
